[KLUG Members] OS Fingerprinting Tool

Tony Gettig members@kalamazoolinux.org
Sun, 04 Jan 2004 22:44:35 -0500


On Sun, 2004-01-04 at 20:39, Adam Williams wrote:
> Anyone know a good OS fingerprinting tool?  I want to automatically ident
> the version of Windows running on a PC.
> 
> queso is dead.

Even if queso is dead, there might be some good info in this article:

http://www.insecure.org/nmap/nmap-fingerprinting-article.html


> 
> Xprobe2 thinks everything is XP with a certainty of 55%.

> nmap makes guesses like "Windows Millennium Edition (Me), Win 2000, or
> WinXP".  Oh, yeah, that's helpful.  And it takes a very long time to do
> it.

Hmmm...there's got to be a better way to get that info. I checked out a
program called hping2 at freshmeat that listed os fingerprinting in its
description, but I haven't figured out how to get that info from it yet.
(I've only spent 5 or so minutes trying though.) 

I think nmap makes its OS guess by matching the data in the packet it
gets back with a known signature. That signature is derived from knowing
what IP stack is on the other end. Or something like that. :) So Windows
ME, 2000, and XP must all have a very similar IP stack. 

Is there some way to send a packet, capture the reply to a text file,
then grep it for a known string to identify the OS for certain? 

There's got to be a better way and open source software to do it. There
are commercial tools like Languard that can positively identify a target
PC. 


Tony Gettig
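A minimal version of the "capture the reply, then match it against known strings" idea raised above, added here as an example that is not from the list thread or from nmap. It sends nothing; it takes the header fields a sniffer would record from a SYN/ACK reply and scores them against a hand-written signature table whose values are constructed for illustration, not nmap's real database. Ties are reported as ambiguity, which is why nmap prints "ME, 2000, or XP" instead of inventing certainty.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Reply:
    """Fields recorded from one captured TCP SYN/ACK reply."""
    ttl: int       # IP TTL as seen on the wire (already decremented per hop)
    window: int    # TCP window size
    df: bool       # IP "don't fragment" bit
    options: str   # TCP option order, e.g. "MSS,NOP,WS,NOP,NOP,SACK"

# Constructed signature table: (initial TTL, window, DF, option order).
# These entries are illustrative placeholders, not real nmap fingerprints.
SIGNATURES: Dict[str, Tuple[int, int, bool, str]] = {
    "Windows 2000/XP (constructed)": (128, 65535, True, "MSS,NOP,WS,NOP,NOP,SACK"),
    "Linux 2.4 (constructed)":       (64, 5840, True, "MSS,SACK,TS,NOP,WS"),
    "Solaris 8 (constructed)":       (255, 24820, True, "NOP,NOP,TS,NOP,WS,MSS"),
}

def initial_ttl(observed: int) -> int:
    """Round an observed TTL up to the nearest common initial value,
    since every router hop decrements it by one."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    return 255

def score(reply: Reply, sig: Tuple[int, int, bool, str]) -> float:
    """Weighted match in [0, 1]; option order is the strongest signal."""
    ttl, win, df, opts = sig
    points = 0.0
    points += 1.0 if initial_ttl(reply.ttl) == ttl else 0.0
    points += 1.0 if reply.window == win else 0.0
    points += 0.5 if reply.df == df else 0.0
    points += 1.5 if reply.options == opts else 0.0
    return points / 4.0

def guess_os(reply: Reply) -> List[Tuple[str, float]]:
    """All candidates, best score first."""
    ranked = [(name, score(reply, sig)) for name, sig in SIGNATURES.items()]
    return sorted(ranked, key=lambda t: t[1], reverse=True)

def best_guess(reply: Reply, min_score: float = 0.75) -> List[str]:
    """Top-scoring names above the threshold; several names means the
    reply is ambiguous, an empty list means 'unknown' (the honest answer)."""
    ranked = guess_os(reply)
    return [n for n, s in ranked if s >= min_score and s == ranked[0][1]]

if __name__ == "__main__":
    # Constructed capture: a host three hops away matching the Windows entry.
    sample = Reply(ttl=125, window=65535, df=True, options="MSS,NOP,WS,NOP,NOP,SACK")
    print(best_guess(sample))
```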