[ Thanks to Noel
for this link. ]
“One of the challenges of network security is learning about the
bad guys. To understand your threats and better protect against
them, you have to Know Your Enemy. Passive Fingerprinting is a
method to learn more about the enemy, without them knowing it.
Specifically, you can determine the operating system and other
characteristics of the remote host using nothing more then sniffer
traces. Though not 100% accurate, you can get surprisingly good
results.”
“Traditionally, Operating System fingerprinting has been done
using active tools, such as queso or nmap. These tools operate on
the principle that every operating system’s IP stack has its own
idiosyncrasies. Specifically, each operating system responds
differently to a variety of malformed packets. All one has to do is
build a database on how different operating systems respond to
different packets. Then, to determine the operating system of a
remote host, send it a variety of malformed packets, determine how
it responds, then compare these responses to a database.”
“Passive fingerprinting is based on sniffer traces from the
remote system. Instead of actively querying the remote system, all
you need to do is capture packets sent from the remote system.
Based on the sniffer traces of these packets, you can determine the
operating system of the remote host.”
“Below is the sniffer trace of a system sending a packet. This
system launched a mountd exploit against me, so I want to learn
more about it. I do not want to finger or nmap the box, that could
give me away. Rather, I want to study the information passively.
This signature was captured using snort, my sniffer of choice.”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.