TCP/IP fingerprinting methods supported by Nmap
In the past, banner grabbing was the usual way to detect a remote operating system: you connected to a service on the target with a client such as telnet, and the service answered with a banner that often named the operating system (or a software version tied to one). This was not a very accurate method, because the system administrator could disable the banner or change it to mislead attackers.
The newer method of remote OS detection is to analyze the packets exchanged between source and destination. Every TCP/IP stack fills in header fields such as the IP TTL, the DF bit, the TCP window size and the order of TCP options in its own characteristic way, so the replies to a set of probes can be matched against a database of known stacks. This technique identifies the OS platform and, in many cases, the OS version as well.
TCP/UDP/IP basics
To use an analogy, if an IP address is a building's street address, service ports are the flat numbers. Both TCP and UDP use source and destination ports for data communication. Most IP-based services use standard ports (HTTP TCP:80, SMTP TCP:25, and DNS TCP/UDP:53).
The TCP header carries six classic control flags (SYN, ACK, FIN, RST, PSH, URG; later RFCs added ECE, CWR and NS). Only two of them are needed for the three-way handshake: the client sends SYN, the server replies SYN/ACK, and the client answers ACK.
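To make the two points above concrete, here is an added example (Python, written for this page, not Nmap's or any other tool's code) that parses a raw IPv4+TCP header, decodes the TCP flags and handshake step, and pulls out the fields a fingerprinting tool compares: TTL, DF bit, window size, MSS, window scale and the order of TCP options. The packet bytes are constructed by hand to resemble a Linux-style SYN; the signature format is this example's own and is not Nmap's database format.

```python
import struct

# Names of the nine TCP flag bits, low bit (0x001) first.
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def decode_flags(flags):
    """Return the names of the TCP control flags set in a 9-bit flags value."""
    return [name for i, name in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)]


def handshake_step(flags):
    """Classify a segment by the flag combinations the three-way handshake uses."""
    syn, ack = bool(flags & 0x002), bool(flags & 0x010)
    if syn and not ack:
        return "SYN"       # step 1, client -> server
    if syn and ack:
        return "SYN/ACK"   # step 2, server -> client
    if flags == 0x010:
        return "ACK"       # step 3 (a bare ACK is also used for the rest of the connection)
    return None


def parse_tcp_options(raw):
    """Parse the TCP options area into (kind, data) tuples; EOL stops, NOP has no length."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of option list
            opts.append((0, b""))
            break
        if kind == 1:                       # NOP: single byte, no length field
            opts.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("truncated or malformed TCP option")
        length = raw[i + 1]
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts


def option_layout(options):
    """Render the option order p0f-style, e.g. 'M1460,S,T,N,W7' (naming is this example's own)."""
    names = {0: "E", 1: "N", 4: "S", 8: "T"}
    parts = []
    for kind, data in options:
        if kind == 2 and len(data) == 2:
            parts.append("M%d" % struct.unpack("!H", data)[0])   # MSS
        elif kind == 3 and len(data) == 1:
            parts.append("W%d" % data[0])                        # Window scale
        else:
            parts.append(names.get(kind, "?%d" % kind))
    return ",".join(parts)


def fingerprint(packet):
    """Extract the fingerprint-relevant fields from a raw IPv4 packet carrying TCP."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _total, _ident, frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if proto != 6 or len(packet) < ihl + 20:
        raise ValueError("not a TCP segment with a full header")
    tcp = packet[ihl:]
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or len(tcp) < data_off:
        raise ValueError("bad TCP data offset")
    flags = off_flags & 0x1FF
    options = parse_tcp_options(tcp[20:data_off])
    mss = next((struct.unpack("!H", d)[0] for k, d in options if k == 2 and len(d) == 2), None)
    wscale = next((d[0] for k, d in options if k == 3 and len(d) == 1), None)
    df = bool(frag & 0x4000)               # Don't Fragment bit in the IP flags
    layout = option_layout(options)
    return {
        "ttl": ttl, "df": df, "window": window,
        "flags": decode_flags(flags), "step": handshake_step(flags),
        "mss": mss, "wscale": wscale, "options": layout,
        "signature": "%d:%d:%d:%s" % (ttl, df, window, layout),   # example's own compact format
    }


# Constructed sample (hand-built for this example): a Linux-like SYN to port 80.
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
TCP_OPTS = bytes([2, 4, 0x05, 0xB4,                    # MSS 1460
                  4, 2,                                # SACK permitted
                  8, 10, 0, 0, 0, 1, 0, 0, 0, 0,       # Timestamp (TSval=1, TSecr=0)
                  1,                                   # NOP
                  3, 3, 7])                            # Window scale 7
TCP_HDR = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (10 << 12) | 0x002, 29200, 0, 0)
SAMPLE_SYN = IP_HDR + TCP_HDR + TCP_OPTS

if __name__ == "__main__":
    for key, value in fingerprint(SAMPLE_SYN).items():
        print("%-10s %s" % (key, value))
```

Run against the constructed SYN this yields the option layout `M1460,S,T,N,W7` with TTL 64 and DF set; a different stack would typically show a different TTL, window and option order, which is exactly the variation an OS-detection database keys on.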
Here is a packet capture for one of the websites I opened in the web browser. This shows a...