Device fingerprinting


I have done this presentation for my self-study seminar in my M.Tech

Published in: Technology

  1. By Mohammed Muzzamil. H, M.Tech (IS). Guided by Mrs. Ritu Agarwal.
  2. A fingerprint, in general, is the impression of a human finger, used to identify individuals.
  3. A device fingerprint identifies an individual device.
       • It is a compact summary of the software and hardware settings collected from a remote computing device.
       • It is also called a machine fingerprint.
  4. Passive:
       • TCP/IP configuration
       • OS fingerprint
       • Hardware clock skew
       • OSI layer based
  5. Active:
       • Invasive querying by installing executable code on client machines
       • Helps in finding the MAC address or unique serial numbers assigned to the device
  6. One may infer client configuration parameters with the help of the OSI layers:
       • OSI Layer 7: FTP, HTTP, Telnet, TLS/SSL, DHCP
       • OSI Layer 5: SNMP, NetBIOS
       • OSI Layer 4: TCP, UDP
       • OSI Layer 3: IPv4, IPv6, ICMP, IEEE 802.11
       • OSI Layer 2: SMB, CDP[9]
  7. Different operating systems, and different versions of the same operating system, set different defaults for these values:
       • Initial packet size (16 bits)
       • Initial TTL (8 bits)
       • Window size (16 bits)
       • Max segment size (16 bits)
       • Window scaling value (8 bits)
       • "don't fragment" flag (1 bit)
       • "sackOK" flag (1 bit)
       • "nop" flag (1 bit)
     The values may be combined to form a 67-bit signature, or fingerprint, for the target machine. With the help of the TTL and window scaling we can find the OS.
  8. Jpcap is an open source library for capturing and sending network packets from Java applications. It provides facilities to:
       • capture raw packets live from the wire.
       • save captured packets to an offline file, and read captured packets from an offline file.
       • automatically identify packet types and generate corresponding Java objects (for Ethernet, IPv4, IPv6, ARP/RARP, TCP, UDP, and ICMPv4 packets).
       • filter the packets according to user-specified rules before dispatching them to the application.
       • send raw packets to the network.
  9. IP header fields:
       • Version
       • IP Header Length
       • Size of Datagram
       • Identification (16-bit number; together with the source address it uniquely identifies this packet)
       • Flags (a sequence of three flags (one of the 4 bits is unused))
       • Fragmentation Offset
       • Time To Live (number of hops/links which the packet may be routed over)
       • Protocol (e.g. 1 = ICMP; 2 = IGMP; 6 = TCP; 17 = UDP)
       • Header Checksum (packets with an invalid checksum are discarded by all nodes in an IP network)
       • Source Address (the IP address of the original sender of the packet)
       • Destination Address (the IP address of the final destination of the packet)
       • Options (when used, the IP header length will be greater than five 32-bit words)
  10. OSI model, TCP/IP fingerprinting, OS fingerprinting:
       • Grouping all of these gives a strong signature, or the device fingerprint.