Wireshark Network Security by Piyush Verma

Author: Piyush Verma
Language: eng
ISBN: 9781784393335
Publisher: Packt Publishing
Published: 2015-07-15T00:00:00+00:00


OS fingerprinting attempts

OS fingerprinting is the technique where an attacker tries to identify the operating system running on the target machine(s). An attacker can perform either passive or active fingerprinting.

In passive fingerprinting, an attacker monitors the traffic to and from a target machine and looks for certain indications, such as the initial IP TTL values, TCP window size, or a user-agent string, and other unique operating system characteristics to identify the OS in use. For example, a User-Agent string of Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.5.0 helps the attacker assume that the target is running a Linux machine. However, user-agent strings and other factors can be modified using a number of tools. Hence, it is not a reliable method.

The tools required are P0f and Ettercap.

Active OS fingerprinting provides a more reliable result for the attacker, but the probes sent during this activity make it detectable by Wireshark and other advanced detection tools.

The following are different techniques that are used for OS fingerprinting:

ICMP-based fingerprinting: Certain tools make use of unique ICMP probes to detect how an OS responds and make a guess based on that. The following are important filters for such a case:

    (icmp.type == 8) && (!(icmp.code == 0))
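For detection outside Wireshark, the same predicate as the filter above (an echo request whose code is not 0) can be applied to raw IPv4 packets. This is an added example, not code from the book; the function names and the sample packets, which use documentation addresses, are constructed for illustration.

```python
import struct

def icmp_fields(ip_packet: bytes):
    """Return (src, dst, icmp_type, icmp_code) for an IPv4/ICMP packet, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or ip_packet[9] != 1:          # protocol 1 = ICMP
        return None
    frag_offset = struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF
    if frag_offset != 0 or len(ip_packet) < ihl + 4:
        return None                            # ICMP header only in first fragment
    src = ".".join(map(str, ip_packet[12:16]))
    dst = ".".join(map(str, ip_packet[16:20]))
    return src, dst, ip_packet[ihl], ip_packet[ihl + 1]

def is_suspicious_echo(ip_packet: bytes) -> bool:
    """Same predicate as (icmp.type == 8) && (!(icmp.code == 0))."""
    f = icmp_fields(ip_packet)
    return f is not None and f[2] == 8 and f[3] != 0

def build_packet(src, dst, icmp_type, icmp_code):
    """Constructed sample: 20-byte IPv4 header + 8-byte ICMP header, checksums zeroed."""
    icmp = struct.pack("!BBHHH", icmp_type, icmp_code, 0, 0x1234, 1)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    return ip + icmp

# Constructed traffic (RFC 5737 documentation addresses).
SAMPLES = [
    build_packet("192.0.2.10", "192.0.2.20", 8, 0),  # ordinary ping
    build_packet("192.0.2.66", "192.0.2.20", 8, 9),  # echo request, non-zero code
    build_packet("192.0.2.20", "192.0.2.10", 0, 0),  # echo reply
]

def flagged_sources(packets):
    """Source addresses that sent echo requests with a non-zero code."""
    return sorted({icmp_fields(p)[0] for p in packets if is_suspicious_echo(p)})

if __name__ == "__main__":
    print(flagged_sources(SAMPLES))
```

Ordinary ping implementations send echo requests with code 0, so any source this flags is worth correlating with other probe traffic from the same host.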


