From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Reply-To: iwar@yahoogroups.com
Date: Sun, 11 Nov 2001 06:30:15 -0800 (PST)
Subject: [iwar] Passive OS fingerprinting
Message-Id: <200111111430.fABEUF913115@red.all.net>

http://www.incidents.org/papers/OSfingerprinting.php

Passive OS Fingerprinting: Details and Techniques
By: Toby Miller

1.1 PURPOSE

The purpose of this paper is to explain the details and techniques that can be used in passive OS fingerprinting. In this paper, we will look at packets captured by TCPDUMP. Although this paper assumes the reader has a basic understanding of the Transmission Control Protocol/Internet Protocol (TCP/IP), we will briefly cover certain fields in the TCP/IP header. This paper will specifically cover passive OS fingerprinting using TCP and the SYN packet. We will cover other flags, but the majority of the work has been done analyzing a SYN packet. Passive OS fingerprinting using ICMP has been covered in great detail at http://www.sys-security.com.

Before we begin, I want to clear up any confusion between passive Operating System (OS) fingerprinting (what we are doing here) and active OS fingerprinting (tools like NMAP use this technique). First, passive OS fingerprinting does not send out any packets. All that is needed to perform passive OS fingerprinting is a computer, a sniffer and a desire to dig into a packet. Active OS fingerprinting, on the other hand, will send special or not so special packets to a machine and wait for a response from that machine. That response will determine what operating system the remote system is running.

...

------------------
http://all.net/
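The paper's point is that a passive fingerprinter never transmits: it reads header fields of SYN packets that a sniffer has already captured (TTL, don't-fragment bit, window size, and the TCP options) and compares them with a table of known stacks. The following is an added example in that spirit; it is not code from the paper, from Toby Miller, or from Fred Cohen's message. It parses a raw IPv4/TCP SYN into those fields and matches it against a tiny signature table. The two signatures are illustrative values in the style of commonly published p0f entries, not the paper's own table, and the sample packets are constructed inline (checksums left at zero) purely as parser input.

```python
import struct
from dataclasses import dataclass
from typing import Optional

IP_DF = 0x4000          # don't-fragment bit in the IP flags/fragment field
TCP_SYN, TCP_ACK = 0x02, 0x10
OPTION_NAMES = {1: "nop", 2: "mss", 3: "wscale", 4: "sackok", 8: "ts"}


@dataclass
class SynFingerprint:
    ttl: int            # TTL as observed on the wire (already decremented per hop)
    df: bool
    window: int
    mss: Optional[int]
    options: list       # TCP option names in wire order, e.g. ["mss", "nop", "nop", "sackok"]


def initial_ttl(observed: int) -> int:
    """Guess the sender's starting TTL by rounding up to the usual defaults."""
    for ceiling in (32, 64, 128, 255):
        if observed <= ceiling:
            return ceiling
    return 255


def parse_tcp_options(opts: bytes):
    """Walk the TCP option list; stop on EOL or on a malformed length."""
    names, mss, i = [], None, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # EOL
            break
        if kind == 1:                       # NOP has no length byte
            names.append("nop")
            i += 1
            continue
        if i + 1 >= len(opts):
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                           # malformed option; keep what we have
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        names.append(OPTION_NAMES.get(kind, f"opt{kind}"))
        i += length
    return names, mss


def parse_ipv4_tcp(packet: bytes) -> Optional[SynFingerprint]:
    """Extract fingerprint fields from a raw IPv4/TCP packet (no link layer).
    Returns None for anything that is not a pure SYN; checksums are not verified."""
    if len(packet) < 20:
        return None
    ver_ihl, _tos, _tlen, _id, flags_frag, ttl, proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        return None
    tcp = packet[(ver_ihl & 0x0F) * 4:]
    if len(tcp) < 20:
        return None
    _sp, _dp, _seq, _ack, off_flags, window, _tcsum, _urg = struct.unpack("!HHIIHHHH", tcp[:20])
    if off_flags & (TCP_SYN | TCP_ACK) != TCP_SYN:
        return None
    data_off = (off_flags >> 12) * 4
    names, mss = parse_tcp_options(tcp[20:data_off])
    return SynFingerprint(ttl, bool(flags_frag & IP_DF), window, mss, names)


# Illustrative signatures (name, initial TTL, DF, window, option order); not the paper's table.
SIGNATURES = [
    ("Linux 2.4-style (illustrative)", 64, True, 5840, ["mss", "sackok", "ts", "nop", "wscale"]),
    ("Windows 2000-style (illustrative)", 128, True, 16384, ["mss", "nop", "nop", "sackok"]),
]


def match(fp: SynFingerprint) -> list:
    """Names of all signatures consistent with the observed SYN."""
    guess = initial_ttl(fp.ttl)
    return [name for name, ttl, df, win, opts in SIGNATURES
            if (guess, fp.df, fp.window, fp.options) == (ttl, df, win, opts)]


def build_syn(ttl: int, df: bool, window: int, options: bytes) -> bytes:
    """Constructed sample input for the parser (checksums zero, never sent)."""
    options += b"\x00" * ((-len(options)) % 4)
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, IP_DF if df else 0,
                     ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, ((tcp_len // 4) << 12) | TCP_SYN, window, 0, 0)
    return ip + tcp + options


LINUX_OPTS = b"\x02\x04\x05\xb4\x04\x02\x08\x0a" + b"\x00" * 8 + b"\x01\x03\x03\x00"
WINDOWS_OPTS = b"\x02\x04\x05\xb4\x01\x01\x04\x02"

if __name__ == "__main__":
    for pkt in (build_syn(52, True, 5840, LINUX_OPTS), build_syn(128, True, 16384, WINDOWS_OPTS)):
        fp = parse_ipv4_tcp(pkt)
        print(fp, "->", match(fp))
```

The TTL is rounded up to the nearest common default before matching, which is why a SYN that has crossed twelve hops (TTL 52) still matches a 64-hop signature; the option order is compared exactly, since that ordering is one of the most stack-specific things a passive observer sees.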
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST