In passive OS fingerprinting, an attacker installs a sniffer on any third party such as a router on which the victim communicates frequently. Now he studies the sniffer’s log and responses, and receives hints about the remote OS with the help of the following parameters:

* TTL values: This is Time To Live Value for any packet sent by any host.
* The window size: For many operating systems, the initial window size value is fixed.
* Don’t Fragment bit (DF): Some operating systems keep the DF bit on, and some do not.
* Type of service: The type of service value varies from OS to OS.

When an attacker identifies these values from sniffer’s logs, he matches them with his database of known signatures of operating systems and receives a clue about which OS is running on the remote computer.

Explore More

What is Buffer Overflows?

Buffer Overflows Buffer Overflows have been around since the very beginnings of the Von-Neuman architecture. They first gained widespread notoriety in 1988 with the Morris Internet worm. Unfortunately, the same

Read More

Tips and Tricks about Gmail

While Web-based email is nothing new, Gmail introduces some new and unique concepts. Managing email has become very easy while at the same time having powerful tools to find and

Read More

Registry Tips and Tricks

Display Your Quick Launch ToolbarTip: Is your Quick Launch toolbar missing from the taskbar? To display your familiar Quick Launch toolbar: Right-click an empty area on the taskbar, click Toolbars,

Read More