Tools that do operating system fingerprinting are a hacker's dream. They make it ridiculously simple to identify easy targets: run Nmap against a target, learn what OS version it's running, and then look for a set of attack tools that can take out that particular release. Fortunately for us (the good guys), most fingerprinting scans leave distinctive patterns that a decent IDS detects easily. Beyond that, the good guys have a powerful OS fingerprinting technique of their own, called Passive Operating System Fingerprinting (POF). Several POF tools are available; the original is called "p0f" (with a zero), co-created by Michal Zalewski and Bill Stearns.

POF is invisible, silent and nonintrusive. Unlike active fingerprinting tools such as Nmap, POF operates only as a sniffer and generates no packets of its own; it infers the operating system from the characteristics of traffic it observes. This is extremely important, because it won't interfere with legitimate traffic, and it won't force you and your IDS to sort out which scans are legitimate and which are not. Because it has to run on the target network (it needs a vantage point from which to sniff the traffic), it's not particularly useful as a hacking tool; hackers will continue to prefer active scanning techniques such as Nmap.
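To make the passive approach concrete, here is a small added Python sketch (not code from this column or from p0f itself) of what a passive fingerprinter does with a single sniffed TCP SYN: it reads the IP TTL and DF bit plus the TCP window size and option layout, rounds the TTL up to a likely initial value, and matches the result against a signature table. The signature table and the sample packet below are constructed for this example and are not p0f's real signature database.

```python
import struct

# Constructed signature table in a p0f-like shape (NOT p0f's real database):
# (initial TTL, DF set, window, MSS, window scale, option layout) -> label
SIGNATURES = {
    (64, True, 29200, 1460, 7, "mss,sackok,ts,nop,ws"): "Linux-like (constructed)",
    (128, True, 8192, 1460, 8, "mss,nop,ws,nop,nop,sackok"): "Windows-like (constructed)",
}
OPTION_NAMES = {2: "mss", 3: "ws", 4: "sackok", 8: "ts"}

def parse_tcp_options(raw):
    """Walk TCP option bytes; return (layout names, MSS, window scale)."""
    names, mss, wscale, i = [], None, None, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:  # end of option list
            break
        if kind == 1:  # NOP carries no length byte
            names.append("nop"); i += 1; continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2 or i + length > len(raw):  # truncated or malformed option
            raise ValueError("malformed TCP option")
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", raw[i + 2:i + 4])[0]
        elif kind == 3 and length == 3:
            wscale = raw[i + 2]
        names.append(OPTION_NAMES.get(kind, f"opt{kind}"))
        i += length
    return names, mss, wscale

def initial_ttl(ttl):
    """Round the observed TTL up to the nearest common initial value (hops decrement it)."""
    return next(t for t in (32, 64, 128, 255) if ttl <= t)

def fingerprint_syn(pkt):
    """Derive a passive fingerprint from a raw IPv4+TCP SYN and look it up."""
    ihl = (pkt[0] & 0x0F) * 4
    df = bool(struct.unpack("!H", pkt[6:8])[0] & 0x4000)
    tcp = pkt[ihl:]
    flags = tcp[13]
    if not (flags & 0x02) or (flags & 0x10):  # only a bare SYN is fingerprinted here
        raise ValueError("not an initial SYN")
    doff = (tcp[12] >> 4) * 4
    window = struct.unpack("!H", tcp[14:16])[0]
    names, mss, wscale = parse_tcp_options(tcp[20:doff])
    key = (initial_ttl(pkt[8]), df, window, mss, wscale, ",".join(names))
    return SIGNATURES.get(key, "unknown"), key

# Constructed sample SYN: TTL 61 (64 minus three hops), DF set, window 29200,
# options mss 1460, sackok, timestamps, nop, wscale 7.
SAMPLE_SYN = bytes.fromhex(
    "4500003c123440003d060000c0a80102c0a80101"  # IPv4 header
    "d43100500000000100000000a002721000000000"  # TCP header, SYN only
    "020405b40402080a000000010000000001030307"  # TCP options
)
```

Running `fingerprint_syn(SAMPLE_SYN)` returns the Linux-like label together with the extracted key, so a defender can see which observed fields drove the match.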