OS fingerprinting is the process of detecting the operating system of the target host or a network. The following are some of the commonly used OS fingerprinting methods.

Active Fingerprinting

Active fingerprinting is the method in which specially crafted packets are sent to the target system and the response is noted. Since different operating systems respond to source packets in different ways, this response can be analyzed to determine the target OS.
One of the simple example is the use of Nmap tool as discussed in the post (url of what_is_scanning Post)  which employs active fingerprinting method to determine the target OS.

Banner Grabbing

Another commonly used method of active fingerprinting is called banner grabbing. This can be done using a simple tool called telnet. Telnet is readily available on Windows XP and previous versions. For Windows Vista, 7 and 8 machines you need to activate the inbuilt telnet tool before you can use it. Just search for “how to enable telnet on windows” on Google to find detailed instructions for enabling telnet client on your computer. Once you have enabled the telnet client on your computer, banner grabbing is pretty simple. Just type the following command in the command prompt to detect the operating system running on the target:

telnet target-domain-or-IP 80

This will open the connection with the target. Next type the text exactly as follows HEAD / HTTP/1.1 and hit the Enter key twice. This should fetch results where there is a possibility of the target OS being mentioned as shown in the below figure.

Passive Fingerprinting

Passive fingerprinting is a technique that uses indirect methods to determine the target operating system. Unlike active fingerprinting which sends packets to the target, passive fingerprinting on the other hand uses sniffing technique to analyze the target network traffic and determine the operating system. It is less accurate than active fingerprinting. You can use online tools like Netcraft to perform passive fingerprinting.

Netcraft Tool: http://toolbar.netcraft.com/site_report

Just visit the above link to access the Netcraft tool and enter the target domain or IP as shown in this figure


Chetan Sundarde

What's hurts more, the pain of hard work or the pain of regret?

  • Image
  • Image
  • Image
  • Image
  • Image
    Blogger Comment
    Facebook Comment


Post a Comment