Langsung ke konten utama

Share All Over The World

Cari Blog Ini

Remote OS Detection

Dapatkan link
Facebook
X
Pinterest
Email
Aplikasi Lainnya

Table of Contents

Introduction

Reasons for OS Detection

Determining vulnerability of target hosts
Tailoring exploits
Network inventory and support
Detecting unauthorized and dangerous devices
Social engineering

Usage and Examples

TCP/IP Fingerprinting Methods Supported by Nmap

Probes Sent

Sequence generation (SEQ, OPS, WIN, and T1)
ICMP echo (IE)
TCP explicit congestion notification (ECN)
TCP (T2–T7)
UDP (U1)

Response Tests

TCP ISN greatest common divisor (GCD)
TCP ISN counter rate (ISR)
TCP ISN sequence predictability index (SP)
TCP IP ID sequence generation algorithm (TI)
ICMP IP ID sequence generation algorithm (II)
Shared IP ID sequence Boolean (SS)
TCP timestamp option algorithm (TS)
TCP options (O, 01–06)
TCP initial window size (W, W1–W6)
Responsiveness (R)
IP don't fragment bit (DF)
Don't fragment (ICMP) (DFI)
IP initial time-to-live (T)
IP initial time-to-live guess (TG)
Explicit congestion notification (CC)
TCP miscellaneous quirks (Q)
TCP sequence number (S)
ICMP sequence number(SI)
TCP acknowledgment number (A)
TCP flags (F)
TCP RST data checksum (RD)
IP type of service (TOS)
IP type of service for ICMP responses (TOSI)
IP total length (IPL)
Unused port unreachable field nonzero (UN)
Returned probe IP total length value (RIPL)
Returned probe IP ID value (RID)
Integrity of returned probe IP checksum value (RIPCK)
Integrity of returned probe UDP length and checksum (RUL and RUCK)
Integrity of returned UDP data (RUD)
ICMP response code (CD)
IP data length for ICMP responses (DLI)

Fingerprinting Methods Avoided by Nmap

Passive Fingerprinting
Exploit Chronology
Retransmission Times
IP Fragmentation
Open Port Patterns

Understanding an Nmap Fingerprint

Decoding the Subject Fingerprint Format

Decoding the SCAN line of a subject fingerprint

Decoding the Reference Fingerprint Format

Free-form OS description (Fingerprint line)
Device and OS classification (Class lines)
Test expressions

OS Matching Algorithms

Dealing with Misidentified and Unidentified Hosts

When Nmap Guesses Wrong
When Nmap Fails to Find a Match and Prints a Fingerprint
Modifying the nmap-os-db Database Yourself

Dapatkan link
Facebook
X
Pinterest
Email
Aplikasi Lainnya

Komentar

Posting Komentar

Postingan Populer

Top 100 Network Security Tools 2

Welcome to page 2 of the top network security tools site, covering tools ranked #26-50. Survey methedology and icon descriptions can be found on page 1 . #26 Perl / Python / Ruby : Portable, general-purpose scripting languages While many canned security tools are available on this site for handling common tasks, scripting languages allow you to write your own (or modify existing ones) when you need something more custom. Quick, portable scripts can test, exploit, or even fix systems. Archives like CPAN are filled with modules such as Net::RawIP and protocol implementations to make your tasks even easier. #27 8 L0phtcrack : Windows password auditing and recovery application L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numer...

NMAP Documentation

Documentation The Nmap project tries to defy the stereotype of some open source software being poorly documented by providing a comprehensive set of documentation for installing and using Nmap. This page links to official Insecure.Org documentation, and generous contributions from other parties. Nmap Reference Guide The primary documentation for using Nmap is the Nmap Reference Guide . This is also the basis for the Nmap man page ( nroff version of nmap.1 ). It was rewritten from scratch in late 2005 and is meant to serve as a quick-reference to virtually all Nmap command-line arguments, but you can learn even more about Nmap by reading it straight through. The 18 sections include Brief Options Summary , Firewall/IDS Evasion and Spoofing , Timing and Performance , Port Scanning Techniques , Usage Examples , and much more. We have been overwhelmed by offers to translate the man page to other languages. That is fantastic, as it makes Nmap more accessible around the world. The fo...

Praktis seluruh planet telah mendengar tentang Ubuntu karena itu kolosal mesin pemasaran, free CD's, komunitas online yang besar dan pengguna terkait blog. Belum lagi sekarang berganti nama menjadi DiggBuntu, yang digunakan untuk menjadi bagian Linux Digg. Ubuntu menduduki tangga lagu di Distrowatch sejak rilis itu, diikuti oleh yang lain suka Top 10 distro seperti Debian (ayah dari Ubuntu), Mint, Fedora, Suse, Mandriva et al. Tapi bagaimana dengan semua distro lain yang belum berhasil sampai ke Distrowatch belum? Aku mengunjungi Distrowatch sehari-hari, dan juga memiliki RSS feed di sini, di Total Linux daftar rilis terbaru, dan hanya baru-baru ini saya melihat daftar tunggu panjang proyek-proyek baru yang berharap bahwa suatu titik di Distrowatch akan meluncurkan mereka untuk ÜberStardom, atau bahkan ÜbuStardom Check out dari daftar tunggu di bawah, Anda tidak pernah tahu, Anda mungkin menemukan sedikit batu permata yang tersembunyi dari sebuah distro yang belum mempunyai duk...

Diberdayakan oleh Blogger