By Mohammed Muzzamil. H, M.Tech (IS)
Guided by Mrs. Ritu Agarwal
A fingerprint, in general, is the impression of a human finger, used to identify individuals.
A device fingerprint identifies an individual device. It is a compact summary of the software and hardware settings collected from a remote computing device. It is also called a machine fingerprint.
Passive:
  TCP/IP configuration
  OS fingerprint
  Hardware clock skew
  OSI layer based
Active:
  Invasive querying by the installation of executable code on client machines
  Helps in finding the MAC address or unique serial numbers assigned to the device
One may infer client configuration parameters with the help of the OSI layers:
  OSI Layer 7: FTP, HTTP, Telnet, TLS/SSL, DHCP
  OSI Layer 5: SNMP, NetBIOS
  OSI Layer 4: TCP, UDP
  OSI Layer 3: IPv4, IPv6, ICMP, IEEE 802.11
  OSI Layer 2: SMB, CDP
Different operating systems, and different versions of the same operating system, set different defaults for these values:
  Initial packet size (16 bits)
  Initial TTL (8 bits)
  Window size (16 bits)
  Max segment size (16 bits)
  Window scaling value (8 bits)
  "don't fragment" flag (1 bit)
  "sackOK" flag (1 bit)
  "nop" flag (1 bit)
The values may be combined to form a 67-bit signature, or fingerprint, for the target machine.
With the help of the TTL and window scaling we can find the OS.
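As an added illustration (not part of the original slides), the following sketch parses a raw IPv4 packet carrying a TCP SYN, extracts the eight values listed above and packs them into the 67-bit signature. The function names and the sample packet are constructed for this example, and `initial_ttl` assumes senders start from one of the common values 32, 64, 128 or 255 and that the path is shorter than the gap between them.

```python
import struct

# Field widths in bits, in the order the slide lists them (16+8+16+16+8+1+1+1 = 67).
FIELDS = [("packet_size", 16), ("ttl", 8), ("window", 16), ("mss", 16),
          ("wscale", 8), ("df", 1), ("sack_ok", 1), ("nop", 1)]

# Constructed sample: IPv4 + TCP SYN seen with TTL 57, documentation addresses.
SAMPLE_SYN = bytes.fromhex(
    "4500003c1c46400039060000c000020ac6336407"   # IPv4 header, DF set
    "c35001bb0000000100000000a002721000000000"   # TCP header, SYN, window 29200
    "020405b40402080a000000010000000001030307")  # MSS, SACK-ok, timestamp, NOP, wscale

def initial_ttl(observed):
    # Assumption: round the observed TTL up to the nearest common starting value.
    return next(t for t in (32, 64, 128, 255) if observed <= t)

def parse_syn(pkt):
    # Hypothetical helper: returns the eight fingerprint fields as a dict.
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4 packet carrying TCP")
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    if ihl < 20 or len(tcp) < 20 or not tcp[13] & 0x02:
        raise ValueError("not a TCP SYN")
    fp = {"packet_size": struct.unpack("!H", pkt[2:4])[0],
          "ttl": initial_ttl(pkt[8]),
          "window": struct.unpack("!H", tcp[14:16])[0],
          "df": (pkt[6] >> 6) & 1,
          "mss": 0, "wscale": 0, "sack_ok": 0, "nop": 0}
    opts, i = tcp[20:(tcp[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:        # kind 0 ends the option list
        kind = opts[i]
        length = 1 if kind == 1 else (opts[i + 1] if i + 1 < len(opts) else 0)
        if (kind != 1 and length < 2) or i + length > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 1:
            fp["nop"] = 1
        elif kind == 2 and length == 4:
            fp["mss"] = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 3 and length == 3:
            fp["wscale"] = opts[i + 2]
        elif kind == 4:
            fp["sack_ok"] = 1
        i += length
    return fp

def signature(fp):
    # Concatenate the fields, most significant first, into one 67-bit integer.
    sig = 0
    for name, width in FIELDS:
        sig = (sig << width) | (fp[name] & ((1 << width) - 1))
    return sig
```

Two hosts that differ in any one default, for example an initial TTL of 128 instead of 64, produce different signatures, which is what makes the combined value usable as an OS indicator in a passive asset inventory.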
Jpcap is an open source library for capturing and sending network packets from Java applications. It provides facilities to:
  capture raw packets live from the wire
  save captured packets to an offline file, and read captured packets from an offline file
  automatically identify packet types and generate corresponding Java objects (for Ethernet, IPv4, IPv6, ARP/RARP, TCP, UDP, and ICMPv4 packets)
  filter the packets according to user-specified rules before dispatching them to the application
  send raw packets to the network
  Version
  IP Header Length
  Size of Datagram
  Identification (16-bit number, together with the source address uniquely identifies this packet)
  Flags (a sequence of three flags (one of the 4 bits is unused))
  Fragmentation Offset
  Time To Live (number of hops/links which the packet may be routed over)
  Protocol (e.g. 1 = ICMP; 2 = IGMP; 6 = TCP; 17 = UDP)
  Header Checksum (packets with an invalid checksum are discarded by all nodes in an IP network)
  Source Address (the IP address of the original sender of the packet)
  Destination Address (the IP address of the final destination of the packet)
  Options (when used, the IP header length will be greater than five 32-bit words)
  OSI model
  TCP/IP fingerprinting
  OS fingerprinting
Grouping all of these, we get a strong signature, or the device fingerprint.