I am taking part in a practice sandbox, and have a pcap file in Wireshark: with the traffic depicting a Vertical Port Scan. Is there anyway to find out the "victim"'s Operating System? The packets are all TCP SYNs, and I tried to filter http GET requests (information can be in User Agent) but there are none. Any help would be much appreciated.
Asked
Active
Viewed 290 times
1
-
An internet search for "passive os fingerprinting" returns many useful results. – multithr3at3d Feb 24 '19 at 17:08
-
1Thank you for teaching me what this technique is called. I am relatively new to the hacker space, as you _just might_ be able to tell ;-). – PrinceOfCreation Feb 24 '19 at 17:27
1 Answers
1
Probably you should use http://lcamtuf.coredump.cx/p0f3/, this is a good tool for start to understand passive os detection, but bear in mind that there is techniques to fake the results but definitively a good starting point
camp0
- 2,172
- 1
- 10
- 10
-
This is certainly one method, but there are plenty of others (even using `nmap`). – forest Feb 25 '19 at 08:51