After we know that the target machine is live, we can then
find out the operating system used by the target machine. This technique is
commonly known as operating system (OS) fingerprinting. There are two methods
for doing OS fingerprinting: active and passive.
In the active method, the tool sends network packets to the
target machine and then determines the target's operating system by
analysing the responses it receives. The advantage
of this method is that the fingerprinting process is fast. However, the
disadvantage is that the target machine may notice our attempt to get its
operating system information.
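
How a target can notice the active method, shown from the defender's side as an added example (not part of the original post): it flags a source that sends several different kinds of unusual probes within a short window. The event tuple layout, the 10-second window and the three-kind threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# ICMP query types that are rare in normal traffic; stacks differ in whether
# and how they answer, which is why active fingerprinting tools send them.
RARE_ICMP = {13: "icmp-timestamp", 15: "icmp-info", 17: "icmp-addrmask"}
WINDOW_SECONDS = 10  # assumed correlation window
MIN_PROBE_KINDS = 3  # assumed threshold of distinct probe kinds

# Constructed events: (time, source, protocol, ICMP type or dst port, port open?)
SAMPLE_EVENTS = [
    (100.0, "192.0.2.10", "tcp", 80, True),       # ordinary web client
    (100.4, "192.0.2.10", "tcp", 80, True),
    (101.0, "192.0.2.77", "icmp", 8, None),       # echo request
    (101.2, "192.0.2.77", "icmp", 13, None),      # timestamp request
    (101.3, "192.0.2.77", "icmp", 17, None),      # address mask request
    (101.5, "192.0.2.77", "udp", 65534, False),   # UDP to a closed port
    (101.8, "192.0.2.77", "tcp", 80, True),
    (160.0, "192.0.2.50", "icmp", 8, None),       # monitoring ping only
    (220.0, "192.0.2.50", "icmp", 8, None),
]

def probe_kind(proto, value, port_open):
    """Label one inbound packet as a probe kind, or None if unremarkable."""
    if proto == "icmp":
        return RARE_ICMP.get(value, "icmp-echo" if value == 8 else None)
    if proto in ("udp", "tcp") and port_open is False:
        return proto + "-closed-port"  # elicits ICMP unreachable or a RST
    return None

def suspected_fingerprinters(events):
    """Return {source: sorted probe kinds} for sources mixing probe kinds."""
    recent = defaultdict(list)  # source -> [(time, kind)] inside the window
    alerts = {}
    for ts, src, proto, value, port_open in sorted(events, key=lambda e: e[0]):
        kind = probe_kind(proto, value, port_open)
        if kind is None:
            continue
        # Drop probes older than the window, then record this one.
        recent[src] = [(t, k) for t, k in recent[src]
                       if ts - t <= WINDOW_SECONDS] + [(ts, kind)]
        kinds = {k for _, k in recent[src]}
        if len(kinds) >= MIN_PROBE_KINDS and kinds & set(RARE_ICMP.values()):
            alerts[src] = sorted(kinds | set(alerts.get(src, [])))
    return alerts

if __name__ == "__main__":
    for src, kinds in suspected_fingerprinters(SAMPLE_EVENTS).items():
        print(src, "->", ", ".join(kinds))
```

A passive listener sends none of these packets, so a check like this never fires for it.
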
To overcome the disadvantage of the active method, there exists a
passive method for OS fingerprinting. This method was pioneered by Michal
Zalewski when he released a tool called p0f. The disadvantage of the passive
method is that the process will be slower compared to the active method.
BackTrack comes with several tools for doing OS
fingerprinting. Those tools can be accessed in the BackTrack | Network Mapping
| OS-Fingerprinting menu.
Here I tried p0f and xprobe2, where p0f is a tool used to
fingerprint an OS passively and xprobe2 is an active OS fingerprinting tool.
This is how to use p0f:
# p0f -o p0f.log
This will save the log information to the p0f.log file.
Then try to connect to the target from the browser, or let the target connect to you, to gain information about the OS used.
This is the content of p0f.log
This is how to use xprobe2:
# xprobe2 192.168.137.131
The following is the result of xprobe2
To prevent somebody from scanning the OS that you use, I have
attached a link on protecting your system from OS fingerprinting: http://oreilly.com/pub/h/1347