Fingerprinting OS
Fingerprinting is a step in the scanning phase in which an attacker
tries to identify the operating system (OS) of a target system. Fingerprinting
can be classified into two types:
-Active Stack Fingerprinting
-Passive Stack Fingerprinting
Active Stack Fingerprinting involves sending data to the target
system and then observing how it responds. Because each OS responds slightly
differently, the response is compared with a database of known responses and the
OS is identified. It is the more commonly used method, though there is a high
chance of being detected, since the probes actually reach the target. It can be
performed in the following ways.
Using Nmap:
Syntax: nmap -O IP_address
Example: nmap -O 127.0.0.1
Using Xprobe: Xprobe2 is a UNIX-only active stack fingerprinting
tool (it also runs on Linux). It can detect not only the OS but also network
devices and their version numbers.
Syntax: xprobe2 -v IP_address
Example: xprobe2 -v 127.0.0.1
Passive Stack Fingerprinting involves examining traffic on the
network to determine the operating system. There is no guarantee that the
fingerprint will be accurate, but it usually is. It generally means sniffing
traffic rather than making actual contact with the target, so this method is
stealthier and usually goes undetected. Passive stack fingerprinting can be
performed in the following ways.
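To show what "examining traffic" actually means, here is an added example (not from the original post, and not p0f's code) of a minimal passive fingerprinter in Python: it reads the initial TTL, window size, DF bit and TCP option order from a raw IPv4/TCP SYN and looks them up in a small signature table, which is the same matching step p0f performs against its own, much larger, database. The signature table, the sample packet and the addresses in it are constructed for illustration and are not real fingerprints.

```python
import struct

# Constructed signature table keyed on (initial TTL, window, DF, option order); NOT p0f's real data.
SIGNATURES = {
    (64, 65535, True, "mss,nop,ws,sok,ts"): "hypothetical BSD-like stack",
    (64, 29200, True, "mss,sok,ts,nop,ws"): "hypothetical Linux-like stack",
    (128, 8192, True, "mss,nop,ws,nop,nop,sok"): "hypothetical Windows-like stack",
}

def initial_ttl(observed: int) -> int:
    """Round an observed TTL up to the nearest common initial value (each hop decrements it)."""
    return next(t for t in (32, 64, 128, 255) if observed <= t)

def parse_syn(pkt: bytes) -> dict:
    """Extract the fields a passive fingerprinter reads from a raw IPv4/TCP SYN."""
    ver_ihl, _, _, _, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[(ver_ihl & 0x0F) * 4:]
    off_flags, win = struct.unpack("!HH", tcp[12:16])
    if (off_flags & 0x12) != 0x02:          # SYN set, ACK clear
        raise ValueError("not a bare SYN")
    opts, names, i = tcp[20:(off_flags >> 12) * 4], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                        # end of option list
            break
        if kind == 1:                        # NOP carries no length byte
            names.append("nop")
            i += 1
            continue
        names.append({2: "mss", 3: "ws", 4: "sok", 8: "ts"}.get(kind, str(kind)))
        i += opts[i + 1]                     # skip by the option's length byte
    return {"ttl": initial_ttl(ttl), "win": win, "df": bool(flags_frag & 0x4000), "opts": ",".join(names)}

def fingerprint(pkt: bytes) -> str:
    f = parse_syn(pkt)
    return SIGNATURES.get((f["ttl"], f["win"], f["df"], f["opts"]), "unknown")

def build_syn(ttl: int, win: int, df: bool, opts: bytes) -> bytes:
    """Build a constructed sample SYN (checksums left zero; it is never sent anywhere)."""
    tcp_len = 20 + len(opts)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0x4000 if df else 0,
                     ttl, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (tcp_len // 4) << 12 | 0x02, win, 0, 0)
    return ip + tcp + opts

# Options: MSS 1460, SACK-permitted, timestamps, NOP, window scale 7; TTL 52 = initial 64 minus 12 hops.
SAMPLE_OPTS = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")
SAMPLE_SYN = build_syn(ttl=52, win=29200, df=True, opts=SAMPLE_OPTS)
```

Running `fingerprint(SAMPLE_SYN)` returns the Linux-like entry; feeding it the SYNs your own hosts emit (for example from a pcap) shows exactly what they reveal to anyone sniffing the segment.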
Using p0f: p0f is a passive fingerprinting tool. Both
Windows and Linux versions are available.
For Windows:
Open a command prompt and type
C:\>ipconfig
It will list all the Ethernet cards available in your system; note
the number of the Ethernet card on which your connection is running. In my case it is
two. Now type “p0f -i card_number”:
C:\p0f>p0f -i 2
Now try to connect to the system you want to fingerprint,
leaving the command prompt open, and p0f will detect its OS.
For Linux:
In Linux you will need to install it first. If you are using
Red Hat Linux and downloaded an rpm package, browse to the folder where you
downloaded the rpm package and run the following command:
#rpm -i package_name
Otherwise, if you have configured yum to download from a repository,
type the following commands:
# yum clean all
#yum list
#yum install p0f
If you are using a Debian-based or Gentoo-based Linux and
downloaded a deb package, browse to the folder and type the following command:
#dpkg -i package_name
Otherwise, if you want to install from the repository, use the
following commands:
#apt-get update
#apt-get install p0f
If you are not running as the super user (root), don't forget to prefix
“sudo” before each “apt-get” command.
Now open a terminal and type the following command:
#p0f -i eth0 -vt
where “-i” selects the interface (“eth0” is the card carrying your connection),
“-v” shows results in verbose mode and “-t” adds timestamps to the output.
Now try to connect to the remote system and p0f will fingerprint its OS.
Using NetCraft:
Go to the NetCraft site and type the IP address of the target you
want to fingerprint into “What's that site running?”. It will give
you its OS.
I hope that was quite easy. If you have any problems using
any of the above tools then please don't hesitate to ask; I am here to help.
Thanks for reading, keep visiting, and comment with your thoughts and problems about any aspect of computer technology you like.