Penetration Testing mailing list archives

Re: OS Fingerprints

From: GomoR <sfml () gomor org>
Date: Wed, 5 Oct 2005 14:59:10 +0200

On Tue, Oct 04, 2005 at 03:07:27PM +0100, BSK wrote:

Dear All,

Some time back I came across a document that listed a
table with Operating systems and their TTL that helped
identify an operating system.

I've been trying to search that document on Internet
and my machine but not successful yet. Can someone
point me to that or similar document.

Basically I'm looking for information which helps us
identify the target operating system from its TTL
field obtained while ping. The document for example
listed that if the TTL is 128 its likely to be M$ and
if its 64 its likely to be Cisco Router or switch.

Await your reply.

rgds,
Bshan


  Hello,

  if you want a simple trick to do OS fingerprinting, I 
  suggest you to use the initial window size of a TCP session 
  establishement.

  If you use that, you can create a table for each OS I've 
  seen by parsing the file at:
  http://www.gomor.org/files/net-sinfp-db-export.txt

  Or better, use the database in SQLite format:
  DB Schema:
  http://www.gomor.org/files/net-sinfp-db-schema.ps
  DB:
  http://www.gomor.org/files/sinfp.db

  Or even better, use SinFP:
  http://www.gomor.org/cgi-bin/index.pl?mode=view;page=net_sinfp

  Best regards,

-- 
  ^  ___  ___    FreeBSD Network - http://www.GomoR.org/ <-+
  | / __ |__/          Systems & Security Engineer         |
  | \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---    |
  +-->  Net::Packet <=> http://search.cpan.org/~gomor/  <--+

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

OS Fingerprints BSK (Oct 05)
- Re: OS Fingerprints Franck Veysset (Oct 05)
- Re: OS Fingerprints Daniele Bellucci (Oct 05)
- RE: OS Fingerprints Omar (Oct 05)
- RE: OS Fingerprints JB (Oct 05)
- Re: OS Fingerprints GomoR (Oct 05)
  - Re: OS Fingerprints Dragos Ruiu (Oct 06)
- Re: OS Fingerprints Nicolas Gregoire (Oct 05)
- Re: OS Fingerprints Francisco Pecorella (Oct 05)
- Re: OS Fingerprints Tim (Oct 05)
- Re: OS Fingerprints Joe Matusiewicz (Oct 05)
- RE: OS Fingerprints Omar A. Herrera (Oct 05)
- Re: OS Fingerprints Chuck (Oct 05)
- <Possible follow-ups>
- Re: OS Fingerprints Don Parker (Oct 05)
- RE: OS Fingerprints ankush.kapoor (Oct 05)
- Re: OS Fingerprints BSK (Oct 05)

(Thread continues...)