Identify the operating system
Objective:
Some services or ports are enabled by default when Windows is installed. By scanning for the operating system version, you can learn which vulnerable software or services ship with that operating system, and the operating system's own vulnerabilities can then be used in an attack.
Some hardening plans also call for modifying the operating system's identifying characteristics to mislead an attacker's scans, but these characteristics cannot be completely masked or modified, so determine the target operating system from the combined results of several scanners.
Tools:
Nmap: based on port scanning, it identifies the operating system by examining the packets returned from open ports and matching them against fingerprints
Usage: nmap -O IP
Options: -O enables operating system identification
xprobe2: software that identifies the operating system from captured packets; its results are not precise and only identify a broad range
Usage: xprobe2 IP
Passive scanning method:
The scanning tool does not actively send requests to the target; it identifies the target operating system by analyzing packets captured through network monitoring.
1. Deploy Ethereal at the network egress, where traffic exchanged with external networks can be captured and analyzed.
2. Mirror a switch port.
3. Capture traffic by ARP spoofing.
Passive scanning tools: p0f