STEP 5 - Scanning and Fingerprinting Continues

In the previous step I discussed the basics of scanning and two of the most important scanning tools, Nmap and Nettools. Now we continue our discussion of scanning with some deeper and more advanced scanning methods.

The first of these is OS fingerprinting.

What is OS Fingerprinting?

OS fingerprinting is the method of determining which operating system is running on the target system.

The two different types of fingerprinting are:
• Active stack fingerprinting
• Passive fingerprinting

Active Stack FingerPrinting:

This is based on the fact that OS vendors implement the TCP stack differently. Specially crafted packets are sent to the remote OS and its responses are noted. The responses are then compared with a database of known stack behaviours to determine the OS.

Passive FingerPrinting:

Passive banner grabbing refers to indirectly observing a system to reveal the operating system its server is running.
It is also based on the differing implementations of the TCP stack and the various ways an OS responds.
It uses sniffing techniques instead of active scanning techniques, and it is less accurate than active fingerprinting.


P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:
  • machines that connect to your box (SYN mode),
  • machines you connect to (SYN+ACK mode),
  • machines you cannot connect to (RST+ mode),
  • machines whose communications you can observe.

P0f can also do many other tricks, and can detect or measure the following:
  • firewall presence, NAT use (useful for policy enforcement),
  • existence of a load balancer setup,
  • the distance to the remote system and its uptime,
  • the remote party's network hookup (DSL, OC3, avian carriers) and its ISP.
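To make the passive "SYN mode" idea concrete, here is an added example (my own code, not p0f's) that pulls the stack-specific fields out of an observed TCP SYN, matches them against a signature table, and estimates hop distance from TTL decay, as p0f does for the connections arriving at your box. The signature entries and the sample packets are constructed for this demo and are not p0f's real fingerprint database.

```python
import struct
# Constructed example signatures for this demo: (initial TTL, DF bit, window, option
# layout) -> label. Illustrative only; not p0f's real fingerprint database.
SIGNATURES = {
    (64, True, 29200, "mss,sack,ts,nop,ws"): "example-linux-like",
    (128, True, 8192, "mss,nop,ws,nop,nop,sack"): "example-windows-like",
    (255, False, 4128, "mss"): "example-embedded-like",
}
OPTION_NAMES = {2: "mss", 3: "ws", 4: "sack", 8: "ts"}

def parse_syn(frame: bytes) -> dict:
    """Pull the stack-specific fields out of a raw IPv4+TCP SYN (no link-layer header)."""
    df = bool(struct.unpack("!H", frame[6:8])[0] & 0x4000)   # IP "don't fragment" bit
    tcp = frame[(frame[0] & 0x0F) * 4:]                       # skip IP header (IHL words)
    data_off = (tcp[12] >> 4) * 4
    window = struct.unpack("!H", tcp[14:16])[0]
    layout, i = [], 20
    while i < data_off:                                       # walk TCP options in order
        kind = tcp[i]
        if kind == 0:                                         # end-of-option-list
            break
        if kind == 1:                                         # NOP has no length byte
            layout.append("nop"); i += 1; continue
        layout.append(OPTION_NAMES.get(kind, f"opt{kind}"))
        i += tcp[i + 1]
    return {"ttl": frame[8], "df": df, "window": window, "options": ",".join(layout)}

def initial_ttl(observed: int) -> int:
    """Round the observed TTL up to the nearest common initial value (32/64/128/255)."""
    return next(t for t in (32, 64, 128, 255) if observed <= t)

def fingerprint(frame: bytes) -> dict:
    """Match a SYN against the signature table and estimate hop distance from TTL decay."""
    f = parse_syn(frame)
    init = initial_ttl(f["ttl"])
    key = (init, f["df"], f["window"], f["options"])
    return {"os": SIGNATURES.get(key, "unknown"), "distance": init - f["ttl"], **f}

def build_syn(ttl: int, df: bool, window: int, options: bytes) -> bytes:
    """Construct a minimal IPv4+TCP SYN for offline testing (checksums left as zero)."""
    opts = options + b"\x00" * (-len(options) % 4)            # pad to 32-bit boundary
    tcp_len = 20 + len(opts)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0, 0x4000 if df else 0,
                     ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, (tcp_len // 4) << 4, 0x02, window, 0, 0)
    return ip + tcp + opts

# Constructed sample: a Linux-like SYN seen 7 hops away (TTL 64 decayed to 57).
LINUX_OPTS = b"\x02\x04\x05\xb4\x04\x02\x08\x0a" + b"\x00" * 8 + b"\x01\x03\x03\x07"
SAMPLE = build_syn(57, True, 29200, LINUX_OPTS)
```

A SYN whose field combination is not in the table comes back as "unknown", which is the honest answer a passive tool should give rather than forcing a nearest match.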

Wait for the next step.


kiran said...

Hey, p0f v2 does not work,
but the important notes are too sexy.
