Howdy:

I’m going to start a new event and call it “The Backyard Blog”.

In this episode we are going to explore Operating System Fingerprinting tools;

• what they are,

• what they do, and

• why one would use them.

I researched three different tools:

• SANS Penetration testing from the SANS Institute

• Netscan from CreaSoftware

• Nmap from Nmap.org

"About SANS Penetration Testing." Community. Web. 25 Feb. 2016. <http://pen-testing.sans.org/about#mission>.

SANS Mission Statement:

“To give Security Professionals the tools and expertise they need to conduct high-value penetration testing focused on discovering and exploiting vulnerabilities to determine and reduce business risk.”

I find this mission statement to be a perfect explanation of what an OS fingerprinting tool is.

An Operating System fingerprinting tool captures packets of data being sent from one computer to another, or one network to another. With the proper knowledge of the tool, a network engineer can detect any intrusion of the network or any abuse of the network by someone from the inside.

A network technician would need tools such as these to protect important data/information from falling into the wrong hands. One can also detect any vulnerabilities and guard against them.

"OS Fingerprinting Tool Description." OS Fingerprinting. Web. 25 Feb. 2016. <http://www.netscantools.com/nstpro_os_fingerprinting.html>.

OS Fingerprinting Tool Description

OS (operating system) Fingerprinting - this is a fascinating subject that is of interest to the security community. There are many different ways to approach this subject. Some unix based programs (like nmap) do a very good job of fingerprinting operating systems using such means as TCP and UDP response characteristics. Of course, there are some simple ways to identify operating systems by observing banners or header from a web server, an ftp server or even a telnet or SMTP login banner. The method presented here is based upon the ICMP packet response research done by Ofir Arkin (www.sys-security.com). His paper is called “ICMP Usage In Scanning” and it has been the subject of magazine articles and discussions within the security community. The implementation here should be considered experimental and should not be considered a complete implementation of his research in this first version. The results you see using this tool may or may not be accurate, however, some operating systems lend themselves to very direct identification using only ICMP packets and those will be readily apparent.

Without getting too far into the operating specifics, this tool relies on sending altered versions of basic ICMP packet types to the target:

We then look at the responses and send further variations of those basic packet types. The responses of the target operating system are noted and use to classify the type of target operating system.

I downloaded a demo copy of NetScan and pinged Old Smokey. He must be sleeping or as the message states, there is a block on him.

Upon further investigation, “Old Smokey” wasn’t even on line. Ooops.

These are changeable settings for enhanced pinging.

I worked with Network Connection Points scan and found a bunch of .exe files in listening mode. Avast, and svchost .exe were among these.

I also did a DNS Traffic Monitor scan, which showed the IP addresses of the destinations I visited. All in all, this is quite the package. Lots of different utilities enclosed in one tool. Just as the company stated.

These references are to nmap websites. Nmap pretty much has the same options as the others. I played with nmap for a while, but prefer Netscan for its simplicity of use.

“OS Detection." OS Detection. Web. 25 Feb. 2016. <https://nmap.org/book/man-os-detection.html>.

"Download the Free Nmap Security Scanner for Linux/MAC/UNIX or Windows." Download the Free Nmap Security Scanner for Linux/MAC/UNIX or Windows. Web. 25 Feb. 2016. <https://nmap.org/download.html>.