Fingerprinting is a process in scanning phase in which an attacker tries to identify Operating System(OS) of target system. Fingerprinting can be classified into two types
-Active Stack Fingerprinting
-Passive Stack Fingerprinting
Active Stack Fingerprinting involves sending data to the target system and then see how it responds. Based on the fact that each system will respond differently, the response is compared with database and the OS is identified. It is commonly used method though there are high chances of getting detected. It can be performed by following ways.
Using Nmap: Nmap is a port scanning tool that can be used for active stack OS fingerprinting.
Syntax: nmap -O IP_address
Example: nmap -U 127.0.0.1
Using Xprobe: It is UNIX only active stack fingerprinting tool. Also runs on Linux, it can not only detect OS but also devices and their version numbers.
Syntax: xprobe2 -v IP_address
Example: xprobe -v 127.0.0.1
Passive Stack Fingerprinting involves examining traffic on network to determine the operating system. There is no guarantee that the fingerprint will be accurate but usually they are accurate. It generally means sniffing traffic rather than making actual contact and thus this method is stealthier and usually goes undetected. Passive stack fingerprinting can be performed in following ways.
Using p0f: It is passive fingerprinting tool. Both windows and Linux versions are available.
Open command prompt and type
it will list all Ethernet card available in your system, note the number of Ethernet on which your connection is running, in my case it is two. Now type “p0f -i card_number”
C:\p0f>p0f -i 2
Now try to connect to the system you want to fingerprint leaving command prompt open and p0f will detect OS.
In Linux you will need to install it first. If you are using Red Hat Linux and downloaded a rpm package then browse to the folder where you downloaded rpm package and run following command.
#rpm -i package_name
else if you have configured yum for download from repository type following commands.
# yum clean all
#yum install p0f
If you are using Debian based or Gentoo based Linux and downloaded deb package then browse to the folder and type following commands,
#dpkg -i package_name
else if you want to install from repository then use following commands
#apt-get install p0f
if you are using super user then don’t forget to prefix “sudo” before type “ap-get” command.
Now open command prompt and type following commands,
#p0f -i eth0 -vt
where “i” means interface “eth0” is your communicating card “v” means show results in verbose mode and “t” means add timestamps to output. Now try to connect to remote system and fingerprint its OS.
Go to the site of NetCraft and type IP address of target you want to fingerprint in “What’s that site is running”. It’ll give you its OS.
I hope that was quite easy, if you have any problems using any of the above tools then please don’t hesitate to ask. I am here to help, thanks for reading and keep visiting.