Warning:
NEVER scan a computer you do not own or do not have the owner's permission to scan.


OS Fingerprinting Tool Description
OS (operating system) fingerprinting is a fascinating subject
that is of interest to the security community.
There are many different ways to approach it. Some Unix-based
programs (like nmap) do a very good job of fingerprinting
operating systems using TCP and UDP response characteristics.
There are also simple ways to identify operating systems:
observing the banners or headers from a web server, an FTP server,
or even a telnet or SMTP login banner. The method presented here
is based upon the ICMP packet response research done by Ofir Arkin
(www.sys-security.com). His paper is called ICMP Usage In Scanning,
and it has been the subject of magazine articles and discussions
within the security community. The implementation here should be
considered experimental and, in this first version, is not a complete
implementation of his research. The results
you see using this tool may or may not be accurate; however, some
operating systems lend themselves to very direct identification
using only ICMP packets, and those will be readily apparent.
Without getting too far into the operational specifics,
this tool relies on sending four basic ICMP packet types to the
target:
- Standard Echo Request (Ping) packets.
- Timestamp Request packets.
- Information Request packets.
- Subnet Mask Request packets.
We then look at the responses and send further variations
of those four basic packet types. The responses of the target operating
system are noted and used to classify the type of target operating
system.
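From the monitoring side, the four query types listed above form a recognisable pattern when one source sends several of them to the same host. The following is an added example, not part of the tool described here: it parses raw ICMP headers from a constructed sample capture and flags such sources. The function names, the `min_rare` threshold and the sample addresses are assumptions made for illustration.

```python
import struct
from collections import defaultdict

# The four ICMP query types this page lists (type numbers per RFC 792 / RFC 950).
QUERY_TYPES = {8: "echo", 13: "timestamp", 15: "information", 17: "address-mask"}
RARE_TYPES = {13, 15, 17}  # assumption: uncommon in ordinary traffic, unlike ping


def parse_icmp(msg):
    """Return (type, code) from a raw ICMP message, or None if it is truncated."""
    if len(msg) < 8:  # fixed ICMP header: type, code, checksum, id, sequence
        return None
    icmp_type, code, _checksum, _ident, _seq = struct.unpack("!BBHHH", msg[:8])
    return icmp_type, code


def find_probe_sets(events, min_rare=2):
    """Flag (src, dst) pairs where src sent >= min_rare distinct rare query types.

    events: iterable of (src_ip, dst_ip, raw_icmp_bytes).
    Returns {(src, dst): sorted list of query names seen}.
    """
    seen = defaultdict(set)
    for src, dst, raw in events:
        parsed = parse_icmp(raw)
        if parsed is None or parsed[0] not in QUERY_TYPES:
            continue  # truncated, or a reply / error message rather than a query
        seen[(src, dst)].add(parsed[0])
    return {
        pair: sorted(QUERY_TYPES[t] for t in types)
        for pair, types in seen.items()
        if len(types & RARE_TYPES) >= min_rare
    }


# Constructed sample capture (documentation addresses, hand-built ICMP messages).
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", bytes.fromhex("0800f7fd00010001")),
    ("192.0.2.10", "198.51.100.5", bytes.fromhex("0d00f2fd00010001") + bytes(12)),
    ("192.0.2.10", "198.51.100.5", bytes.fromhex("0f00f0fd00010001")),
    ("192.0.2.10", "198.51.100.5", bytes.fromhex("1100eefd00010001") + bytes(4)),
    ("192.0.2.77", "198.51.100.5", bytes.fromhex("0800f7fd00010001")),  # plain ping
    ("192.0.2.88", "198.51.100.5", bytes.fromhex("0d00f2fd00010001") + bytes(12)),
    ("192.0.2.99", "198.51.100.5", bytes.fromhex("0800")),  # truncated, ignored
]

if __name__ == "__main__":
    for (src, dst), names in find_probe_sets(SAMPLE).items():
        print(f"{src} -> {dst}: ICMP query sweep {names}")
```

A source that only pings, or only sends one of the rarer query types, is not flagged; raising `min_rare` tightens the rule further.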
Screenshot: successful identification of an HP network-connected 4050 printer

