TCP/IP fingerprinting

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View


Hi,
I understand that certain parameters within TCP
protocol definition are set to different default values by
different operating systems and this inturn is used
for TCP/IP fingerprinting. But, Is there a TCP/IP fingerprint
database that tells the relation between the various
TCP protocol fields and the corresponding values
that might determine the type of Operating System ?

Which is the best fingerprinting tool and how far
is fingerprinting helpful in safeguarding against attacks ?

I searched the internet, i got only fingerprint submission
pages, but did not get a database. Any ideas ?

Thx in advans,
Karthik Balaguru

Re: TCP/IP fingerprinting
On Saturday, 19 December 2009 18:41:55 UTC+5:30, karthikbalaguru  wrote:
Quoted text here. Click to load it



I am working with same topic.if you can help me in this please reply.

Re: TCP/IP fingerprinting



Quoted text here. Click to load it

nmap with the -O switch does very well, and is likely the most used
with the biggest fingerprint database.

But if there aren't many services responding, take the results with a
grain of salt.



Re: TCP/IP fingerprinting


Quoted text here. Click to load it

Thx for the inputs.

Quoted text here. Click to load it

Okay !

I came across IceScan, an open source tool (GPL licenced)
and a list of tools in the below link also -
http://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting#Fingerprinting_too =
ls
But, i think just as you told, nmap seems to be excellent !!

http://nmap.org/svn/nmap-os-db -> It is indeed very big.

Thx,
Karthik Balaguru

Re: TCP/IP fingerprinting


On Fri, 01 Jan 2010 21:08:24 -0800, karthikbalaguru wrote:

Quoted text here. Click to load it
IP_stack_fingerprinting#Fingerprinting_tools
Quoted text here. Click to load it

it is the best of its breed

Site Timeline