On Sun, Dec 16, 2001 at 09:24:01PM +0100, you (roland kwitt) wrote:
> i am currently developing a network analysis tool
> and i am going to implement os fingerprinting as well

In other words - you're writing a network scanner? ;)

> if anybody of you guys has some experience considering
> this please let me know!

All you need is a good database of conducts on various OSes tested with various packets. Take a look at nmap, it has a great database of fingerprints, and you'll find a good whitepaper about TCP OS stack fingerprinting in nmap's package. If you're interested in passive fingerprinting, take a look at Lance Spitzner's paper about it, and lcamtuf's implementation of it (that application is named p0f).

Lance Spitzner: <http://www.enteract.com/~lspitz>
lcamtuf: <http://lcamtuf.coredump.cx>
nmap: <http://www.insecure.org/nmap/>

If nmap is too huge to look at its sources, try to find queso.

HTH.

--
[ Wojtek gminick Walczak ][ http://hacker.pl/gminick/ ]
[ gminick (at) hacker.pl ][ gminick (at) klub.chip.pl ]
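An added example, not part of the original message and not code from nmap, p0f or queso: a small passive matcher that reads the fields typically used for TCP stack fingerprinting (TTL, window size, DF bit, TCP option order) from a captured SYN and looks them up in a signature database. The signature entries, the labels and all function names are constructed for illustration.

```python
import struct

# Constructed signatures (placeholders, not nmap or p0f database entries).
# Key: (initial TTL, TCP window, DF bit, TCP option kinds in order)
SIGNATURES = {
    (64, 5840, True, (2, 4, 8, 1, 3)): "example-os-A",
    (128, 16384, True, (2, 1, 1, 4)): "example-os-B",
}

def initial_ttl(ttl):  # round an observed TTL up to a common initial value
    return next(t for t in (32, 64, 128, 255) if ttl <= t)

def option_kinds(opts):  # ordered TCP option kinds, stopping at End-of-List
    kinds, i = [], 0
    while i < len(opts) and opts[i] != 0:
        kinds.append(opts[i])
        if opts[i] == 1:                      # NOP is a single byte
            i += 1
        elif i + 1 < len(opts) and opts[i + 1] >= 2:
            i += opts[i + 1]                  # kind, length, data
        else:
            raise ValueError("malformed TCP option")
    return tuple(kinds)

def extract(packet):
    """Pull the fingerprint fields out of a raw IPv4 packet carrying a SYN."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not IPv4/TCP")
    ihl = (packet[0] & 0x0F) * 4
    tcp = packet[ihl:]
    if ihl < 20 or len(tcp) < 20:
        raise ValueError("truncated header")
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or len(tcp) < doff or tcp[13] & 0x12 != 0x02:
        raise ValueError("not a well-formed SYN")
    df = bool(struct.unpack_from("!H", packet, 6)[0] & 0x4000)
    window = struct.unpack_from("!H", tcp, 14)[0]
    return (initial_ttl(packet[8]), window, df, option_kinds(tcp[20:doff]))

def classify(packet):
    return SIGNATURES.get(extract(packet), "unknown")

def build_syn(ttl, window, df, options):  # constructed sample, checksums zero
    doff = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, doff << 4, 2, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(options), 1, 0x4000 if df else 0,
                     ttl, 6, 0, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")  # 192.0.2.x
    return ip + tcp + options

# Constructed SYN seen 7 hops away: MSS, SACK-permitted, timestamps, NOP, wscale
SAMPLE = build_syn(57, 5840, True, bytes.fromhex("020405b40402080a000000000000000001030307"))
```

`classify(SAMPLE)` returns `"example-os-A"`; a SYN whose field combination is not in the table returns `"unknown"`, which is the case a real database has to keep shrinking.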