B8 - OS Fingerprinting Flashcards
What is OS fingerprinting?
The process of analysing data packets that originate from a network to collect intelligence for use in later attacks.
What is active OS fingerprinting?
Actively probing a target system with specially crafted packets and analysing the TCP/IP behaviour of the received responses. - More accurate, but more invasive.
What is passive OS fingerprinting?
Examining a passively collected sample of packets from a host. - Less accurate, but more effective at avoiding detection.
Common ports involved in OS fingerprinting:
TCP Port 80 (HTTP), TCP/UDP Port 53 (DNS), TCP Port 443 (HTTPS), TCP/UDP Port 135 (MSRPC), TCP Port 22 (SSH), TCP Port 445 (SMB).
Which nmap flag enables Operating System TCP/IP stack fingerprinting?
-O
Commonly used tools for Active OS Fingerprinting:
nmap, Xprobe2, SinFP
Commonly used tools for Passive OS Fingerprinting:
p0f, Wireshark, Ring