Telnet Session Negotiations
The simplest way to determine the remote OS is Telnet Session Negotiation (TSN). It only requires you to telnet to the server. Surprisingly many systems still run telnet for no good reason, and more surprisingly, many of them greet you with a banner that states the exact OS and version before you have logged in. Even where the banner has been edited, the sequence of telnet options the server negotiates (the DO and WILL offers sent before the login prompt) is characteristic of its telnet daemon. The method is not elegant, but it is effective. Chuvakin and Peikari (2004) state that TSN should be the first thing checked when performing OS fingerprinting.
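The negotiation described above, as an added example that is not part of the original text: it connects, reads whatever the server sends before any login, and splits that stream into the option negotiations (the IAC DO/WILL sequence) and the human-readable banner. The SAMPLE_STREAM bytes are constructed for the example, not captured from a real host, and the option-name table covers only the codes commonly seen in this exchange.

```python
import socket

# Telnet command bytes (RFC 854) and the option codes most often negotiated at login.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
CMD_NAMES = {DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL"}
OPTION_NAMES = {
    0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 5: "STATUS", 24: "TERMINAL-TYPE",
    31: "NAWS", 32: "TERMINAL-SPEED", 33: "TOGGLE-FLOW-CONTROL", 34: "LINEMODE",
    35: "X-DISPLAY-LOCATION", 36: "ENVIRON", 39: "NEW-ENVIRON",
}


def decode_telnet(data: bytes):
    """Split a raw telnet byte stream into (negotiations, text).

    negotiations is the ordered list of (command, option) pairs the peer sent,
    e.g. ("DO", "TERMINAL-TYPE"); text is everything that was not protocol,
    i.e. the banner and login prompt the server prints before authentication.
    """
    negotiations = []
    text = bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            text.append(b)
            i += 1
            continue
        if i + 1 >= len(data):          # stream ends on a lone IAC
            break
        cmd = data[i + 1]
        if cmd == IAC:                  # IAC IAC is an escaped 0xff data byte
            text.append(IAC)
            i += 2
        elif cmd in CMD_NAMES and i + 2 < len(data):
            opt = data[i + 2]
            negotiations.append((CMD_NAMES[cmd], OPTION_NAMES.get(opt, f"OPT-{opt}")))
            i += 3
        elif cmd == SB:                 # sub-negotiation: skip through IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:                           # other two-byte commands (NOP, GA, ...)
            i += 2
    return negotiations, text.decode("latin-1")


def telnet_session_negotiation(host: str, port: int = 23, timeout: float = 5.0, limit: int = 4096):
    """Connect and read what the server volunteers before any login, then decode it."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            while sum(len(c) for c in chunks) < limit:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                chunks.append(chunk)
        except socket.timeout:          # server went quiet: we have everything it sends unprompted
            pass
    return decode_telnet(b"".join(chunks))


# Constructed sample of a server's opening bytes (not a capture): the usual run of
# DO/WILL offers, followed by a banner that names the OS, then the login prompt.
SAMPLE_STREAM = (
    bytes([IAC, DO, 24, IAC, DO, 32, IAC, DO, 35, IAC, DO, 39, IAC, WILL, 1, IAC, WILL, 3])
    + b"\r\nExampleOS 4.2 (example-host) (tty1)\r\n\r\nexample-host login: "
)

if __name__ == "__main__":
    negs, banner = decode_telnet(SAMPLE_STREAM)
    for cmd, opt in negs:
        print(f"server: {cmd} {opt}")
    print("banner:", banner.strip())
```

Against a live host, `telnet_session_negotiation("10.0.0.5")` returns the same two pieces; the negotiation list is the part an administrator rarely thinks to disguise, so compare it across hosts even when the banner has been blanked.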
TCP Stack Fingerprinting
This technique sends a variety of crafted packet probes to the target host. The responses are compared with a database of known stack behaviours (how each OS sets fields such as initial TTL, window size and TCP options, and how it answers unusual or malformed probes), and the closest match predicts the OS on the remote side. Kanellis et al. (2006) consider Nmap the best tool available for this job.
Passive fingerprinting
As described earlier, there are two types of fingerprinting, active and passive. Nmap performs active fingerprinting by sending crafted probe packets to the target host. Passive fingerprinting instead maps the network quietly, sending nothing to the target (Yeo 2003). It works because each OS's TCP/IP stack sets header fields (initial TTL, window size, the don't-fragment bit, and the set and order of TCP options) in its own characteristic way. One passive fingerprinting tool is p0f (Zalewski 2006). It fingerprints a host from the packets the host sends while establishing a connection; the incoming SYN alone carries enough information to determine the source OS. The main advantage is that the target is never aware that it is being fingerprinted, and because only its outgoing packets are examined, a firewall that blocks incoming probes does not prevent it.
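The fields described above, extracted from a raw SYN and matched against a signature table, as an added example (not code from the page or from p0f). It serves both the TCP stack fingerprinting section and this passive one: Nmap's database compares the same kinds of fields in the replies to its probes, p0f reads them from packets that arrive on their own. The signature table is illustrative, laid out like p0f's fields (initial TTL, DF bit, window rule, option order) but with assumed values rather than p0f's database, and the sample SYNs are constructed by build_syn, not captured.

```python
import struct

# Illustrative signatures in p0f's field layout: label, initial TTL, DF bit,
# window rule (an exact value or "mss*N"), option order. Assumed values, not p0f's data.
SIGNATURES = [
    ("Linux 3.x",   64,  True, "mss*10", "mss,sok,ts,nop,ws"),
    ("Windows 7",   128, True, 8192,     "mss,nop,ws,nop,nop,sok"),
    ("FreeBSD 9.x", 64,  True, 65535,    "mss,nop,ws,sok,ts"),
]


def guess_initial_ttl(ttl: int) -> int:
    """Round the observed TTL up to the nearest common initial value (each hop decrements it)."""
    for initial in (32, 64, 128, 255):
        if ttl <= initial:
            return initial
    return ttl


def parse_syn(packet: bytes) -> dict:
    """Extract the stack-dependent fields from a raw IPv4+TCP SYN (no link-layer header)."""
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    _total_len, _ip_id, frag = struct.unpack("!HHH", packet[2:8])
    ttl, proto = packet[8], packet[9]
    if proto != 6:
        raise ValueError("not TCP")
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4
    flags = tcp[13]
    if flags & 0x12 != 0x02:            # only a bare SYN carries the sender's first choices
        raise ValueError("not a bare SYN")
    (window,) = struct.unpack("!H", tcp[14:16])
    fp = {"ttl": ttl, "initial_ttl": guess_initial_ttl(ttl), "df": bool(frag & 0x4000), "window": window}
    order = []
    opts = tcp[20:data_off]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                   # EOL: the rest is padding
            break
        if kind == 1:
            order.append("nop")
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2:
            order.append("mss")
            (fp["mss"],) = struct.unpack("!H", body)
        elif kind == 3:
            order.append("ws")
            fp["wscale"] = body[0]
        elif kind == 4:
            order.append("sok")
        elif kind == 8:
            order.append("ts")
        else:
            order.append(f"opt{kind}")
        i += length
    fp["options"] = ",".join(order)
    return fp


def match_signature(fp: dict) -> str:
    """Return the label of the first signature whose fields all agree with the fingerprint."""
    for label, initial_ttl, df, window_rule, options in SIGNATURES:
        if (fp["initial_ttl"], fp["df"], fp["options"]) != (initial_ttl, df, options):
            continue
        if isinstance(window_rule, str):          # "mss*N": window is a multiple of the MSS
            factor = int(window_rule.split("*")[1])
            if fp.get("mss") and fp["window"] == fp["mss"] * factor:
                return label
        elif fp["window"] == window_rule:
            return label
    return "unknown"


def build_syn(ttl: int, df: bool, window: int, options: bytes) -> bytes:
    """Construct a sample IPv4/TCP SYN with the given stack parameters (test data, not a capture)."""
    options += b"\x00" * (-len(options) % 4)
    tcp_len = 20 + len(options)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, (tcp_len // 4) << 4, 0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0x4000 if df else 0,
                     ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp


MSS1460, SOK, NOP = b"\x02\x04\x05\xb4", b"\x04\x02", b"\x01"
TS = b"\x08\x0a" + b"\x00" * 8


def ws(shift: int) -> bytes:
    return b"\x03\x03" + bytes([shift])


LINUX_SYN = build_syn(52, True, 14600, MSS1460 + SOK + TS + NOP + ws(7))
WINDOWS_SYN = build_syn(115, True, 8192, MSS1460 + NOP + ws(8) + NOP + NOP + SOK)

if __name__ == "__main__":
    for pkt in (LINUX_SYN, WINDOWS_SYN):
        fp = parse_syn(pkt)
        print(fp, "->", match_signature(fp))
```

Feeding this real traffic means reading packets from a raw socket or a pcap and passing the IP payload to parse_syn; the matching stays the same. The option order is the most reliable of the fields because it is fixed by the stack's code, whereas TTL and window are tunables an administrator can change.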
Fingerprinting Services
The previous step identified only the OS. The next step goes deeper into network footprinting, towards the applications running on the host. Service fingerprinting determines which services are running on specific ports. Banner grabbing identifies the service on a port by connecting to it on the remote host and recording whatever the service announces about itself. It is the easiest way for an attacker to learn about the running applications and hardware, and it yields useful information such as the service type (for example Apache httpd) and the service version (for example Apache httpd 1.3.37). The most popular tools for banner grabbing are Netcat and Telnet. With the tech-
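Banner grabbing done by hand, as an added example that is not from the page or from Netcat or Telnet: grab_banner does what `nc host port` does (connect, optionally send a probe for services that wait for the client to speak first, read the reply), and parse_banner pulls service and version out of the common banner shapes (the HTTP Server header, the SSH identification string, the SMTP/FTP 220 greeting). The default probes and the SAMPLE_BANNERS are constructed for the example; banners are free-form text, so the 220 parsing is a heuristic.

```python
import re
import socket
from typing import Optional

# Services that wait for the client to speak first need a probe; SSH, SMTP and FTP
# send their banner unprompted. Assumed defaults for the example.
DEFAULT_PROBES = {
    80: b"HEAD / HTTP/1.0\r\n\r\n",
    8080: b"HEAD / HTTP/1.0\r\n\r\n",
}


def grab_banner(host: str, port: int, probe: Optional[bytes] = None,
                timeout: float = 5.0, limit: int = 4096) -> str:
    """Connect to host:port, send a probe if one applies, and return what the service says first."""
    if probe is None:
        probe = DEFAULT_PROBES.get(port)
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        try:
            while sum(len(c) for c in chunks) < limit:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                chunks.append(chunk)
        except socket.timeout:          # service has nothing more to say unprompted
            pass
    return b"".join(chunks).decode("latin-1")


def parse_banner(banner: str) -> dict:
    """Pull protocol, software and version out of a banner; missing pieces stay None."""
    result = {"protocol": "unknown", "software": None, "version": None}
    if m := re.search(r"^Server:\s*([\w.-]+?)/([\w.]+)", banner, re.M):
        return {"protocol": "http", "software": m.group(1), "version": m.group(2)}
    if banner.startswith("HTTP/"):      # answered HTTP but the Server header was stripped
        result["protocol"] = "http"
        return result
    if m := re.match(r"SSH-[\d.]+-([A-Za-z]+)[_-]?([\w.]+)?", banner):
        return {"protocol": "ssh", "software": m.group(1), "version": m.group(2)}
    if banner.startswith("220"):        # SMTP and FTP both greet with a 220 line
        low = banner.lower()
        result["protocol"] = "smtp" if "smtp" in low else "ftp" if "ftp" in low else "unknown"
        if m := re.search(r"\b([A-Za-z][\w-]*)\s+v?(\d[\w.]*)", banner):      # "name version"
            result["software"], result["version"] = m.group(1), m.group(2)
        elif m := re.search(r"\b(?:ESMTP|SMTP|FTP)\s+([A-Za-z][\w-]*)", banner, re.I):
            result["software"] = m.group(1)                                  # name only
    return result


# Constructed sample banners (not captures) covering the shapes the parser knows.
SAMPLE_BANNERS = {
    "http": ("HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2007 00:00:00 GMT\r\n"
             "Server: Apache/1.3.37 (Unix)\r\nConnection: close\r\n\r\n"),
    "ssh": "SSH-2.0-OpenSSH_7.4p1 Debian-10\r\n",
    "ftp": "220 (vsFTPd 3.0.3)\r\n",
    "smtp": "220 mail.example.com ESMTP Postfix\r\n",
}

if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(name, parse_banner(banner))
    # Live use (needs network): print(parse_banner(grab_banner("10.0.0.5", 80)))
```

A banner is only what the administrator lets the service say: it can be edited, blanked or faked, so treat the result as a lead and confirm it against behaviour (Nmap's -sV sends protocol-specific probes and matches the replies rather than trusting the greeting).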