-: Network Hacking (OS Fingerprinting) :-
OS Fingerprinting :-
OS Fingerprinting refers to detection of target computer's operating system.
Since, different operating system responds differently to the same
kind of ICMP message, it is very important for an attacker to determine
the exact operating system running on target system.
Also attacker can carry out attacks by taking over the vulnerabilities/bugs
found in that particular operating system.
There are four areas that we will look at to determine the operating
system (however there are other signatures that can be used). These
1) TTL - What the operating system sets the Time
To Live on the outbound packet.
2) Window Size - What the operating system sets the
Window Size at.
3) DF - Does the operating system set the Don't Fragment
4) TOS - Does the operating system set the Type of
Service, and if so, at what.
There are two different types of OS Fingerprinting technique -
1) Active OS Fingerprinting :- Remote
active operating system fingerprinting is the process of actively
determining a targeted network node’s underlying operating system
by probing the
targeted system with several packets and examining the response(s),
or lack thereof, received? The traditional approach is to examine
the TCP/IP stack behavior (IP, TCP, UDP, and ICMP protocols) of a
targeted network element when probed with several legitimate and/or
2) Passive OS Fingerprinting :-Passive fingerprinting is
based on sniffer traces from the remote system. Instead of actively
querying the remote system, all you need to do is capture packets
sent from the remote system. Based on the sniffer traces of these
packets, you can determine the operating system of the remote host.
Just like in active fingerprinting, passive fingerprinting is
based on the principle that every operating system's IP stack has
its own idiosyncrasies. By analyzing sniffer traces and identifying
these differences, you may be able determine the operating system
of the remote host.