Operating system fingerprinting
At this point in the information gathering process, we should have a documented list of IP addresses, active machines, and open ports identified for the target organization. The next step is to determine the operating system running on each active machine, so that we know what type of systems we're pentesting.
Getting ready
A Wireshark capture file is needed in order to complete step 2 of this recipe.
How to do it...
Let's begin the process of OS fingerprinting from a terminal window:
1. Using Nmap, we issue the following command with the -O option to enable the OS detection feature:

   nmap -O 192.168.56.102

2. Use p0f to analyze a Wireshark capture file:

   p0f -s /tmp/targethost.pcap -o p0f-result.log -l

   p0f - passive os fingerprinting utility, version 2.0.8
   (C) M. Zalewski <lcamtuf@dione.cc>, W. Stearns <wstearns@pobox.com>
   p0f: listening (SYN) on 'targethost.pcap', 230 sigs (16 generic), rule: 'all'.
   [+] End of input file.
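Once step 2 has written p0f-result.log, the per-connection guesses can be rolled up into one entry per host. The following Python script is an added example, not part of the original recipe or of p0f itself; it assumes the one-line record layout noted in its first comment (that layout is not shown on the page), and the sample records and the names parse_line and summarize are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed p0f 2.x "-l" record layout (not shown on the page):
#   [<timestamp>] src:port - OS guess [(up: N hrs)] -> dst:port (distance N, link: X)
LINE_RE = re.compile(
    r"^(?:<[^>]*>\s+)?"                          # optional <timestamp> prefix
    r"(?P<src>\d+(?:\.\d+){3}):\d+ - "           # fingerprinted host and source port
    r"(?P<os>.+?) -> "                           # OS guess text
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+) "  # peer that received the SYN
    r"\(distance (?P<dist>\d+), link: (?P<link>[^)]*)\)"
)
UPTIME_RE = re.compile(r"\s*\(up: \d+ hrs\)")

# Constructed sample records; banner and footer lines are included on purpose.
SAMPLE_LOG = """\
p0f: listening (SYN) on 'targethost.pcap', 230 sigs (16 generic), rule: 'all'.
<Mon Mar  4 10:15:01 2013> 192.168.56.102:49152 - Linux 2.6 (newer, 3) (up: 2 hrs) -> 192.168.56.101:80 (distance 0, link: ethernet/modem)
<Mon Mar  4 10:15:09 2013> 192.168.56.102:49153 - Linux 2.6 (newer, 3) (up: 2 hrs) -> 192.168.56.101:22 (distance 0, link: ethernet/modem)
192.168.56.103:1045 - Windows XP SP1+, 2000 SP3 -> 192.168.56.101:445 (distance 0, link: ethernet/modem)
192.168.56.103:1046 - UNKNOWN [S4:64:1:60:M1460,S,T,N,W7:.:?:?] -> 192.168.56.101:80 (distance 0, link: ethernet/modem)
[+] End of input file.
"""

def parse_line(line):
    """Return one fingerprint record as a dict, or None for non-record lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["os"] = UPTIME_RE.sub("", rec["os"]).strip()  # uptime is not part of the OS label
    rec["known"] = not rec["os"].startswith("UNKNOWN")
    return rec

def summarize(log_text):
    """Map each source host to its most frequent known OS guess and a conflict flag."""
    guesses = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            guesses[rec["src"]][rec["os"] if rec["known"] else "UNKNOWN"] += 1
    report = {}
    for host, counts in guesses.items():
        known = Counter({os: n for os, n in counts.items() if os != "UNKNOWN"})
        best = known.most_common(1)[0][0] if known else "UNKNOWN"
        report[host] = {"best": best, "conflict": len(counts) > 1}
    return report

if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        print(host, info)
```

A host flagged with conflict produced more than one distinct guess across its connections, so its entry should be compared against the Nmap -O result from step 1 before it goes into the documentation.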