Langsung ke konten utama

Share All Over The World

Cari Blog Ini

Remote OS Detection

Dapatkan link
Facebook
X
Pinterest
Email
Aplikasi Lainnya

Table of Contents

Introduction

Reasons for OS Detection

Determining vulnerability of target hosts
Tailoring exploits
Network inventory and support
Detecting unauthorized and dangerous devices
Social engineering

Usage and Examples

TCP/IP Fingerprinting Methods Supported by Nmap

Probes Sent

Sequence generation (SEQ, OPS, WIN, and T1)
ICMP echo (IE)
TCP explicit congestion notification (ECN)
TCP (T2–T7)
UDP (U1)

Response Tests

TCP ISN greatest common divisor (GCD)
TCP ISN counter rate (ISR)
TCP ISN sequence predictability index (SP)
TCP IP ID sequence generation algorithm (TI)
ICMP IP ID sequence generation algorithm (II)
Shared IP ID sequence Boolean (SS)
TCP timestamp option algorithm (TS)
TCP options (O, 01–06)
TCP initial window size (W, W1–W6)
Responsiveness (R)
IP don't fragment bit (DF)
Don't fragment (ICMP) (DFI)
IP initial time-to-live (T)
IP initial time-to-live guess (TG)
Explicit congestion notification (CC)
TCP miscellaneous quirks (Q)
TCP sequence number (S)
ICMP sequence number(SI)
TCP acknowledgment number (A)
TCP flags (F)
TCP RST data checksum (RD)
IP type of service (TOS)
IP type of service for ICMP responses (TOSI)
IP total length (IPL)
Unused port unreachable field nonzero (UN)
Returned probe IP total length value (RIPL)
Returned probe IP ID value (RID)
Integrity of returned probe IP checksum value (RIPCK)
Integrity of returned probe UDP length and checksum (RUL and RUCK)
Integrity of returned UDP data (RUD)
ICMP response code (CD)
IP data length for ICMP responses (DLI)

Fingerprinting Methods Avoided by Nmap

Passive Fingerprinting
Exploit Chronology
Retransmission Times
IP Fragmentation
Open Port Patterns

Understanding an Nmap Fingerprint

Decoding the Subject Fingerprint Format

Decoding the SCAN line of a subject fingerprint

Decoding the Reference Fingerprint Format

Free-form OS description (Fingerprint line)
Device and OS classification (Class lines)
Test expressions

OS Matching Algorithms

Dealing with Misidentified and Unidentified Hosts

When Nmap Guesses Wrong
When Nmap Fails to Find a Match and Prints a Fingerprint
Modifying the nmap-os-db Database Yourself

Dapatkan link
Facebook
X
Pinterest
Email
Aplikasi Lainnya

Komentar

Posting Komentar

Postingan Populer

Slackware Linux Essentials

Slackware Linux Essentials Alan Hicks Chris Lumens David Cantrell Logan Johnson Copyright © 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 Slackware Linux, Inc. Slackware Linux is a registered trademark of Patrick Volkerding and Slackware Linux, Inc. Linux is a registered trademark of Linus Torvalds. America Online and AOL are registered trademarks of America Online, Inc. in the United States and/or other countries. Apple, FireWire, Mac, Macintosh, Mac OS, Quicktime, and TrueType are trademarks of Apple Computer, Inc., registered in the United States and other countries. IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both. IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States. Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks...

NMAP Documentation

Documentation The Nmap project tries to defy the stereotype of some open source software being poorly documented by providing a comprehensive set of documentation for installing and using Nmap. This page links to official Insecure.Org documentation, and generous contributions from other parties. Nmap Reference Guide The primary documentation for using Nmap is the Nmap Reference Guide . This is also the basis for the Nmap man page ( nroff version of nmap.1 ). It was rewritten from scratch in late 2005 and is meant to serve as a quick-reference to virtually all Nmap command-line arguments, but you can learn even more about Nmap by reading it straight through. The 18 sections include Brief Options Summary , Firewall/IDS Evasion and Spoofing , Timing and Performance , Port Scanning Techniques , Usage Examples , and much more. We have been overwhelmed by offers to translate the man page to other languages. That is fantastic, as it makes Nmap more accessible around the world. The fo...

Top 100 Network Security Tools 2

Welcome to page 2 of the top network security tools site, covering tools ranked #26-50. Survey methedology and icon descriptions can be found on page 1 . #26 Perl / Python / Ruby : Portable, general-purpose scripting languages While many canned security tools are available on this site for handling common tasks, scripting languages allow you to write your own (or modify existing ones) when you need something more custom. Quick, portable scripts can test, exploit, or even fix systems. Archives like CPAN are filled with modules such as Net::RawIP and protocol implementations to make your tasks even easier. #27 8 L0phtcrack : Windows password auditing and recovery application L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numer...

Diberdayakan oleh Blogger