TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote machine's operating system (also known as OS fingerprinting), or incorporated into a device fingerprint.

== TCP/IP Fingerprint Specifics ==

Certain parameters within the TCP protocol definition are left up to the implementation. Different operating systems, and different versions of the same operating system, set different defaults for these values. By collecting and examining these values, one may differentiate among various operating systems and implementations of TCP/IP. The TCP/IP fields that may vary include the following:

* Initial packet size (16 bits)
* Initial TTL (8 bits)
* Window size (16 bits)
* Max segment size (16 bits)
* Window scaling value (8 bits)
* "don't fragment" flag (1 bit)
* "sackOK" flag (1 bit)
* "nop" flag (1 bit)

These values may be combined to form a 67-bit signature, or fingerprint, for the target machine. (Chuvakin A. and Peikari, C: "Security Warrior.", page 229. O'Reilly Media Inc., 2004.) Inspecting only the initial TTL and window size fields is often enough to identify an operating system, which makes manual OS fingerprinting easier.

Excerpt source: Wikipedia, the free encyclopedia.
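The following Python code is an added example, not part of the original article: it extracts the eight fields listed above from a raw IPv4 packet carrying a TCP SYN and packs them into the 67-bit signature. The field order, the rounding of the observed TTL up to a common initial value (32, 64, 128 or 255), and the sample packet are assumptions made for illustration.

```python
import struct

# Field order and widths as listed above: 16+8+16+16+8+1+1+1 = 67 bits.
WIDTHS = (("size", 16), ("ttl", 8), ("window", 16), ("mss", 16),
          ("wscale", 8), ("df", 1), ("sackok", 1), ("nop", 1))

def parse_syn(pkt):
    """Extract the eight fields from a raw IPv4 packet carrying a TCP SYN."""
    # Require version 4 with IHL >= 5 and protocol 6 (TCP).
    if len(pkt) < 20 or not 0x45 <= pkt[0] <= 0x4F or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[(pkt[0] & 0x0F) * 4:]
    doff = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if doff < 20 or len(tcp) < doff or tcp[13] & 0x12 != 0x02:
        raise ValueError("not a well-formed initial SYN")
    total_len, _ident, frag = struct.unpack_from("!HHH", pkt, 2)
    f = dict.fromkeys((name for name, _ in WIDTHS), 0)
    # Assumption: the sender used a common initial TTL and each hop took 1 off.
    f["ttl"] = next(t for t in (32, 64, 128, 255) if pkt[8] <= t)
    f["size"], f["df"] = total_len, (frag >> 14) & 1
    f["window"] = struct.unpack_from("!H", tcp, 14)[0]
    opts, i = tcp[20:doff], 0
    while i < len(opts) and opts[i] != 0:        # kind 0 ends the option list
        if opts[i] == 1:                         # NOP is a single byte
            f["nop"], i = 1, i + 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed TCP option")
        kind, length = opts[i], opts[i + 1]
        if kind == 2 and length == 4:            # maximum segment size
            f["mss"] = int.from_bytes(opts[i + 2:i + 4], "big")
        elif kind == 3 and length == 3:          # window scale shift count
            f["wscale"] = opts[i + 2]
        elif kind == 4 and length == 2:          # SACK permitted
            f["sackok"] = 1
        i += length
    return f

def signature(f):
    """Pack the fields, most significant first, into one 67-bit integer."""
    sig = 0
    for name, bits in WIDTHS:
        sig = (sig << bits) | (f[name] & ((1 << bits) - 1))
    return sig

# Constructed sample SYN (not captured traffic); checksums are left at zero.
SAMPLE_SYN = bytes.fromhex(
    "4500 003c 1234 4000 39 06 0000 c000020a c6336407"   # IPv4: TTL 57, DF
    "c000 01bb 00000001 00000000 a0 02 7210 0000 0000"   # TCP: SYN, win 29200
    "0204 05b4 0402 080a 00000000 00000000 01 030307")   # MSS,SACK,TS,NOP,WS
```

Two hosts that produce the same integer from `signature(parse_syn(...))` share the same stack defaults for these fields, which is the comparison the 67-bit fingerprint is meant to support.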