Another good tool is the X probe project by Ofir Arkin and Fyodor

http://www.sys-security.com/html/projects/X.html

As the webpage mentions, X probe doesn't use TCP, but instead, ICMP.
It's also quicker and more efficient in that it uses fewer packets to ID a
remote OS.



On 18 Dec 2001 00:14:24 +0100, gminick wrote:
> On Sun, Dec 16, 2001 at 09:24:01PM +0100, you (roland kwitt) wrote:
> > i am currently developing a network analysis tool
> > and i am going to implement os fingerprinting as well
> In other words - you're writing a network scanner ? ;)
> 
> > if anybody of you guys has some experience considering
> > this please let me know!
> All you need is a good database of conducts on 
> various OSes tested with various packets.
> Take a look at nmap, it has a great database
> of fingerprints, and you'll find a good whitepaper
> about TCP OS stack fingerprinting in nmap's package.
> If you're interested in passive fingerprinting
> take a look at Lance Spitzner's paper about it,
> and lcamtuf's implementation of it (that application
> is named p0f)
> 
> Lance Spitzner: <http://www.enteract.com/~lspitz>
> lcamtuf: <http://lcamtuf.coredump.cx>
> nmap: <http://www.insecure.org/nmap/>
> 
> If nmap is too huge to look at its sources, try
> to find queso.
> 
> HTH.
> 
> -- 
> [ Wojtek gminick Walczak ][ http://hacker.pl/gminick/ ]
> [ gminick (at) hacker.pl ][ gminick (at) klub.chip.pl ]
