B8 - OS Fingerprinting Flashcards

1
Q

What is OS fingerprinting?

A

Process of analysing data packets which originate from a network to collect intelligence to be used in later attacks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is active OS fingerprinting?

A

Actively probing a target system with specially crafted packets and analysing the TCP/IP behaviour of the received responses. - More accurate, more invasive.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is passive OS fingerprinting?

A

Examining passively collected sample of packets from a host - Less accurate, but more effective in avoiding detection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Common ports involved in OS fingerprinting:

A

TCP Port 80 (HTTP), TCP/UDP Port 53 (DNS), TCP Port 443 (HTTPS), TCP/UDP 135 (MSRPC), TCP Port 22 (SSH), TCP Port 445 (SMB).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which nmap flag enables Operating System TCP/IP stack fingerprinting?

A

-O

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Commonly used tools for Active OS Fingerprinting:

A

nmap, Xprobe2, SinFP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Commonly used tools for Passive OS Fingerprinting:

A

p0f, Wireshark, Ring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly