Operating System Fingerprinting Features in Captured Network Packets

1 minute read

Different tools use different parameters for operating system fingerprinting. Even researchers also look for these features to identify certain operating systems.

The most common features are TTL and Window_Size that are implemented with different values across different operating systems. However, there are other features that are used to fingerprint an operating system.

Here, I listed these features from this paper.

1) ver: IP protocol version. 2) ittl: Initial TTL used by the OS. 3) olen: Length of IPv4 options or IPv6 extension headers. 4) Maximum Segment Size (MSS): sometimes specified in TCP Options for segmentation. 5) wsize: Window Size, a fixed random value or a multiple of MSS, of MTU. 6) scale: Window Scaling factor, if specified in TCP Options. 7) olayout: Comma-delimited layout and ordering of TCP Options. For example, no-op option, maximum segment size, window scaling, selective ACK permitted, timestamp. 8) quirks: Comma-delimited properties in IP or TCP headers. 9) pclass: Payload size.

If you want to learn more about fingerprinting tools and processes, go through the following posts of mine:

Passive Operating System Fingerprinting by Analyzing PCAP files

Convert PCAP files to CSV for Network Traffic Analysis

References

A Deception Based Approach for Defeating OS and Service Fingerprinting

Share on

Twitter Facebook LinkedIn

Shanto Roy

Operating System Fingerprinting Features in Captured Network Packets

References

Share on

Leave a comment

You may also enjoy

Promotion: Earn $100 Bonus! Open a Chime Account Today with This Referral Link

Digital Nomad Goals: A new Blog for Travel Enthusiasts and Digital Nomads

#100daysofSRE (Day 21): How to use Supervisor to manage a script on Linux

Free Cyber Security Courses and Certifications to Boost Your Skills