I have searched online about this topic and the only information I got is that TCP SYN/ACK can be used to know the type of the target OS. If that is true, I don't understand how this occurs. Does TCP handshaking lead to OS fingerprinting?

forest
Steve
  • Have you read [OS Detection](https://nmap.org/book/man-os-detection.html) from nmap? They [wrote the book](https://nmap.org/book/osdetect.html) on it. – gowenfawr Apr 17 '16 at 21:56
  • There's also the [`p0f`](http://lcamtuf.coredump.cx/p0f3/) tool, which can provide some clues/ideas of how such fingerprinting can be done. – Castaglia Apr 17 '16 at 22:14

1 Answer

OS detection goes a lot further, using all kinds of data from the IP and TCP header fields. If you're into reading, "Silence on the Wire" by Michal Zalewski addresses a lot on this topic.

AJK
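
To make the answer's point about IP and TCP header fields concrete, here is an added example (not part of the original answer) that parses a raw IPv4 SYN or SYN/ACK and extracts the values a passive tool such as `p0f` compares against its signatures. The function names, the two sample packets and their field values are constructed for illustration.

```python
import struct

# TCP option kinds from the IANA registry, named here for the signature string
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

def syn_signature(packet):
    """Return the fingerprint-relevant fields of a raw IPv4 TCP SYN or SYN/ACK."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    flags_frag, ttl, proto = struct.unpack_from("!HBB", packet, 6)
    tcp = packet[ihl:]
    if proto != 6 or len(tcp) < 20:
        raise ValueError("not a complete TCP header")
    off_flags, window = struct.unpack_from("!HH", tcp, 12)
    hdr_len = (off_flags >> 12) * 4
    if not off_flags & 0x02 or hdr_len < 20 or len(tcp) < hdr_len:
        raise ValueError("not a SYN or truncated options")
    opts, layout, mss, wscale, i = tcp[20:hdr_len], [], None, None, 0
    while i < len(opts):
        kind = opts[i]
        layout.append(OPT_NAMES.get(kind, "?%d" % kind))
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:
            mss = struct.unpack_from("!H", opts, i + 2)[0]
        elif kind == 3 and opts[i + 1] == 3:
            wscale = opts[i + 2]
        i += opts[i + 1]
    # The sender's initial TTL is inferred by rounding up to a common default.
    ittl = next(c for c in (32, 64, 128, 255) if ttl <= c)
    return {"ittl": ittl, "df": bool(flags_frag & 0x4000), "window": window,
            "mss": mss, "wscale": wscale, "options": ",".join(layout)}

def build_syn(ttl, window, options, df=True):
    """Build a constructed IPv4+TCP SYN for the demo (checksums left at zero)."""
    options += b"\x00" * (-len(options) % 4)
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 0, 0,
                      (((20 + len(options)) // 4) << 12) | 0x02, window, 0, 0) + options
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000 if df else 0,
                       ttl, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + tcp

# Two constructed SYNs that differ in TTL, window size and option layout
SYN_A = build_syn(57, 29200, bytes.fromhex("020405b40402080a000000000000000001030307"))
SYN_B = build_syn(121, 8192, bytes.fromhex("020405b40103030801010402"))

if __name__ == "__main__":
    for name, pkt in (("A", SYN_A), ("B", SYN_B)):
        print(name, syn_signature(pkt))
```

Both packets carry the same MSS, yet the inferred initial TTL, window size and the order of the options differ, and it is the combination of such fields that distinguishes one TCP/IP stack from another.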