Another good tool is the X probe project by Ofir Arkin and Fyodor: http://www.sys-security.com/html/projects/X.html
As the webpage mentions, X probe doesn't use TCP, but instead ICMP. It's also quicker and more efficient in that it uses fewer packets to ID a remote OS.

On 18 Dec 2001 00:14:24 +0100, gminick wrote:
> On Sun, Dec 16, 2001 at 09:24:01PM +0100, you (roland kwitt) wrote:
> > i am currently developing a network analysis tool
> > and i am going to implement os fingerprinting as well
> In other words - you're writing a network scanner? ;)
>
> > if anybody of you guys has some experience considering
> > this please let me know!
> All you need is a good database of conducts on
> various OSes tested with various packets.
> Take a look at nmap, it has a great database
> of fingerprints, and you'll find a good whitepaper
> about TCP OS stack fingerprinting in nmap's package.
> If you're interested in passive fingerprinting
> take a look at Lance Spitzner's paper about it,
> and lcamtuf's implementation of it (that application
> is named p0f)
>
> Lance Spitzner: <http://www.enteract.com/~lspitz>
> lcamtuf: <http://lcamtuf.coredump.cx>
> nmap: <http://www.insecure.org/nmap/>
>
> If nmap is too huge to look at its sources, try
> to find queso.
>
> HTH.
>
> --
> [ Wojtek gminick Walczak ][ http://hacker.pl/gminick/ ]
> [ gminick (at) hacker.pl ][ gminick (at) klub.chip.pl ]