[KLUG Members] OS Fingerprinting Tool
Tony Gettig
members@kalamazoolinux.org
Sun, 04 Jan 2004 22:44:35 -0500
On Sun, 2004-01-04 at 20:39, Adam Williams wrote:
> Anyone know a good OS fingerprinting tool? I want to automatically ident
> the version of vidows running on a PC.
>
> queso is dead.
Even if queso is dead, there might be some good info in this article:
http://www.insecure.org/nmap/nmap-fingerprinting-article.html
>
> Xprobe2 thinks everything is XP with a certainty of 55%.
> nmap makes guesses like "Windows Millennium Edition (Me), Win 2000, or
> WinXP". Oh, yeah, that's helpful. And it takes a very long time to do
> it.
Hmmm...there's got to be a better way to get that info. I checked out a
program called hping2 at freshmeat that listed os fingerprinting in its
description, but I haven't figured out how to get that info from it yet.
(I've only spent 5 or so minutes trying though.)
I think nmap makes its OS guess by matching the data in the packet it
gets back with a known signature. That signature is derived from knowing
what IP stack is on the other end. Or something like that. :) So Windows
ME, 2000, and XP must all have a very similar IP stack.
Is there some way to send a packet, capture the reply to a text file,
then grep it for a known string to identify the OS for certain?
There's got to be a better way and open source software to do it. There
are commercial tools like Languard that can positively identify a target
PC.
Tony Gettig
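
The signature-matching idea discussed in the message above, as an added example that is not part of the original post or of nmap: it parses a captured IPv4/TCP SYN-ACK, extracts fields that vary by IP stack, and looks them up in a table. The signature table and the sample packet are constructed for illustration (not taken from nmap's database); the lookup returns a group of candidates whenever several releases share one signature.

```python
import struct

# Constructed, illustrative signatures (NOT nmap's database).
# Key: (initial TTL, DF bit set, TCP window, TCP option kinds in order)
SIGNATURES = {
    (128, True, 64240, (2, 1, 1, 4)): ["Windows Me", "Windows 2000", "Windows XP"],
    (64, True, 5840, (2, 4, 8, 1, 3)): ["Linux 2.4"],
}

def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common starting value."""
    return next(t for t in (32, 64, 128, 255) if ttl <= t)

def extract_features(packet):
    """Pull stack-dependent fields from a raw IPv4 + TCP header."""
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    flags_frag, = struct.unpack_from("!H", packet, 6)
    ttl = packet[8]
    tcp = packet[ihl:]
    window, = struct.unpack_from("!H", tcp, 14)
    data_off = min((tcp[12] >> 4) * 4, len(tcp))  # end of TCP options
    kinds, i = [], 20
    while i < data_off:
        kind = tcp[i]
        if kind == 0:                         # End of Option List
            break
        kinds.append(kind)
        if kind == 1:                         # NOP is a single byte
            i += 1
            continue
        if i + 1 >= data_off or tcp[i + 1] < 2:
            break                             # truncated or malformed option
        i += tcp[i + 1]
    return (initial_ttl(ttl), bool(flags_frag & 0x4000), window, tuple(kinds))

def guess_os(packet):
    """Return every OS whose signature matches; more than one means ambiguity."""
    return SIGNATURES.get(extract_features(packet), ["unknown"])

# Constructed SYN-ACK: TTL 125 (three hops from 128), DF set, window 64240,
# options MSS, NOP, NOP, SACK-permitted. Addresses are documentation ranges.
SAMPLE = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 48, 1, 0x4000, 125, 6, 0,
                bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    + struct.pack("!HHIIBBHHH", 445, 40000, 1, 2, 0x70, 0x12, 64240, 0, 0)
    + bytes([2, 4, 0x05, 0xB4, 1, 1, 4, 2])
)

if __name__ == "__main__":
    print(extract_features(SAMPLE), "->", guess_os(SAMPLE))
```

A header-only match like this cannot separate releases that answer with identical fields; telling them apart needs either more probes or an application-level source such as an authenticated inventory query.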