
Fingerprinting the operating system

Determining the operating system of a remote system is conducted using two types of scans:

  • Active fingerprinting: The attacker sends normal and malformed packets to the target and records its response pattern, referred to as the fingerprint. By comparing the fingerprint to a local database, the operating system can be determined.
  • Passive fingerprinting: The attacker sniffs, or records and analyzes, the packet stream to determine the characteristics of the packets.

Active fingerprinting is faster and more accurate than passive fingerprinting. In Kali, the two primary active tools are nmap and xprobe2.

The nmap tool injects packets into the target network and analyzes the responses that it receives. In the following command, the -O flag instructs nmap to determine the operating system:

nmap -sS -O target.com

A related program, xprobe2, uses different TCP, UDP, and ICMP packets to bypass firewalls and avoid detection by IDS/IPS systems. Xprobe2 also uses fuzzy pattern matching – the operating system is not identified as definitely being one type; instead, it is assigned the probability of being one of several possible variants:

root@kali:~# xprobe2 www.target.com

Note that it is simple for the target system to hide the true operating system. Since fingerprinting software relies on packet settings, such as the time-to-live or the initial window size, changes to these values or other user-configurable settings can change the tool results. Some organizations actively change these values to make the final stages of reconnaissance more difficult.
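The following added example (not from the book, and not the database or matching logic of nmap or xprobe2) shows why changing these values changes the result: it scores an observed TTL and TCP window size against a small signature table and returns ranked candidates in the fuzzy style described above. The table entries and sample packets are constructed and simplified for illustration.

```python
# Added illustration: simplified TTL/window matching with fuzzy scoring.
# SIGNATURES is a constructed, simplified table of commonly cited defaults;
# real tools compare many more fields than these two.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

SIGNATURES = {
    (64, 5840): "Linux (older kernels)",
    (64, 29200): "Linux (newer kernels)",
    (64, 65535): "BSD family",
    (128, 8192): "Windows",
    (128, 65535): "Windows (older)",
    (255, 4128): "Network device",
}


def initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common initial value.

    Each router hop decrements the TTL, so the sender's starting value is
    the smallest common default that is >= the observed value.
    """
    for candidate in COMMON_INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    raise ValueError("TTL out of range: %r" % observed_ttl)


def score(observed_ttl, window):
    """Return [(label, score)] sorted best first; 0.5 per matching field."""
    ttl0 = initial_ttl(observed_ttl)
    ranked = []
    for (sig_ttl, sig_win), label in SIGNATURES.items():
        s = 0.5 * (sig_ttl == ttl0) + 0.5 * (sig_win == window)
        if s > 0:
            ranked.append((label, s))
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    # Constructed samples: (description, observed TTL, window size).
    samples = [
        ("defaults, seen 10 hops away", 54, 29200),
        ("TTL changed to 128 only", 118, 29200),
        ("TTL and window both changed", 118, 8192),
    ]
    for description, ttl, window in samples:
        print(description, "->", score(ttl, window))
```

With only the TTL changed, no candidate scores above 0.5 and the result is ambiguous; with both values changed, the table returns a confident but wrong answer.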
