When someone with half a clue decides to attack your system, he or she will first try to identify the operating system. Not every attack proceeds this way: Script kiddies probe huge address spaces looking for any system with a particular port open, which indicates that just maybe that system will be vulnerable. But for the professional penetration tester or hacker, identifying the operating system is an essential step in probing.

The king of stack fingerprinting programs today is Network Mapper, or nmap. The author of nmap, who goes by the name Fyodor, has written a paper on the subject in which he discusses TCP options and their usefulness in identifying operating systems via stack fingerprinting (see Resources). This column goes deeper into TCP options: how TCP/IP uses them, and how nmap uses the particular options a stack sends, their values, and their ordering to tell one operating system from another.
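To make the fingerprinting idea concrete, here is an added example that is not from the original column and not nmap's own code: a small Python parser that walks the option bytes of a TCP header and renders them as a compact signature, in a letter notation modeled on nmap's option-ordering test (M for MSS, W for window scale, S for SACK permitted, T for timestamp, N for NOP, L for EOL). The two SYN option layouts, the `build_syn` helper, and the `U<kind>` code for unrecognized options are constructed for this example; they are not captured traffic or part of nmap's database.

```python
"""Parse TCP options and render them as an nmap-style option signature (example code)."""
import struct

# TCP option kinds (RFC 793 base options, RFC 2018 SACK permitted, RFC 7323 timestamps)
EOL, NOP, MSS, WSCALE, SACK_OK, TIMESTAMP = 0, 1, 2, 3, 4, 8


def parse_tcp_options(raw):
    """Return a list of (kind, data) tuples from the option bytes of a TCP header.

    EOL and NOP have no length byte; every other kind carries a length byte that
    covers kind + length + data. A malformed length (0 or 1) or one that runs past
    the buffer ends parsing instead of looping forever or reading out of bounds.
    """
    opts = []
    i, n = 0, len(raw)
    while i < n:
        kind = raw[i]
        if kind == EOL:
            opts.append((EOL, b""))
            break
        if kind == NOP:
            opts.append((NOP, b""))
            i += 1
            continue
        if i + 1 >= n:                 # kind byte present but no length byte
            break
        length = raw[i + 1]
        if length < 2 or i + length > n:  # malformed or truncated option
            break
        opts.append((kind, bytes(raw[i + 2:i + length])))
        i += length
    return opts


def option_signature(opts):
    """Render parsed options as a string such as M5B4ST10NW7.

    Letters follow nmap's option-ordering notation: L=EOL, N=NOP, S=SACK permitted,
    M<mss hex>, W<scale hex>, T<val><ecr> with each flag 1 if that timestamp field
    is non-zero. Anything else is shown as U<kind hex> (a convention of this example).
    """
    parts = []
    for kind, data in opts:
        if kind == EOL:
            parts.append("L")
        elif kind == NOP:
            parts.append("N")
        elif kind == SACK_OK:
            parts.append("S")
        elif kind == MSS and len(data) == 2:
            parts.append("M%X" % struct.unpack("!H", data)[0])
        elif kind == WSCALE and len(data) == 1:
            parts.append("W%X" % data[0])
        elif kind == TIMESTAMP and len(data) == 8:
            tsval, tsecr = struct.unpack("!II", data)
            parts.append("T%d%d" % (tsval != 0, tsecr != 0))
        else:
            parts.append("U%X" % kind)
    return "".join(parts)


def options_from_tcp_header(header):
    """Slice the option bytes out of a TCP header using its data offset field."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(header):
        raise ValueError("bad data offset %d" % data_offset)
    return header[20:data_offset]


def build_syn(options):
    """Build a constructed TCP SYN header (no IP layer) carrying the given options."""
    padded = options + b"\x00" * (-len(options) % 4)
    data_offset = 5 + len(padded) // 4
    base = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_offset << 4, 0x02, 29200, 0, 0)
    return base + padded


def fingerprint(header):
    """Option signature of one TCP header: the input a stack fingerprinter compares."""
    return option_signature(parse_tcp_options(options_from_tcp_header(header)))


# Constructed option layouts modeled on common SYN shapes; not captured traffic.
LINUX_LIKE_OPTS = (b"\x02\x04\x05\xb4"                           # MSS 1460
                   b"\x04\x02"                                   # SACK permitted
                   b"\x08\x0a\x00\x01\x86\xa0\x00\x00\x00\x00"   # TS val=100000 ecr=0
                   b"\x01"                                       # NOP
                   b"\x03\x03\x07")                              # window scale 7
WINDOWS_LIKE_OPTS = (b"\x02\x04\x05\xb4"                         # MSS 1460
                     b"\x01\x03\x03\x08"                         # NOP, window scale 8
                     b"\x01\x01\x04\x02")                        # NOP, NOP, SACK permitted

if __name__ == "__main__":
    for name, opts in (("linux-like", LINUX_LIKE_OPTS), ("windows-like", WINDOWS_LIKE_OPTS)):
        print(name, fingerprint(build_syn(opts)))
```

The two constructed layouts carry the same MSS and both advertise SACK, yet they produce different signatures (`M5B4ST10NW7` versus `M5B4NW8NNS`) purely because of option order, NOP placement, and the window scale value. That ordering is what a fingerprinter keys on, and the bounds checks in `parse_tcp_options` matter because a fingerprinting tool is, by definition, parsing packets from hosts it does not trust.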

The link for this article, originally located at Network Magazine, is no longer available.