2. In general, a fingerprint is the impression left by a human finger, used to identify individuals
3. A device fingerprint identifies an individual device
It is a compact summary of software and hardware settings collected from a remote computing device
It is also called a machine fingerprint
4. Passive:
TCP/IP configuration
OS fingerprint
Hardware clock skew
OSI layer based
5. Active:
Invasive querying by installing executable code on client machines
Helps in finding the MAC address or unique serial numbers assigned to the device
6. One may infer client configuration parameters with the help of the OSI layers
OSI Layer 7: FTP, HTTP, Telnet, TLS/SSL, DHCP
OSI Layer 5: SNMP, NetBIOS
OSI Layer 4: TCP, UDP
OSI Layer 3: IPv4, IPv6, ICMP, IEEE 802.11
OSI Layer 2: SMB, CDP[9]
7. Different operating systems, and different versions of the same
operating system, set different defaults for these values
Initial packet size (16 bits)
Initial TTL (8 bits)
Window size (16 bits)
Max segment size (16 bits)
Window scaling value (8 bits)
"don't fragment" flag (1 bit)
"sackOK" flag (1 bit)
"nop" flag (1 bit)
The values may be combined to form a 67-bit signature, or
fingerprint, for the target machine
With the help of the TTL and window scaling we can find the OS
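The 67-bit signature described in slide 7, as an added example that is not part of the original slides: it reads the eight fields from a raw IPv4 + TCP SYN packet and concatenates them in the order listed. Reading "initial packet size" as the IPv4 total-length field of the SYN, the bit order of the packed integer, and the sample packet bytes are assumptions made for this example.

```python
import struct

# Field widths in the slide's order; they total 67 bits.
FIELDS = [("pkt_size", 16), ("ttl", 8), ("window", 16), ("mss", 16),
          ("wscale", 8), ("df", 1), ("sack_ok", 1), ("nop", 1)]

def parse_syn(pkt: bytes) -> dict:
    """Extract the eight fingerprint fields from a raw IPv4 + TCP SYN packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    total_len, _ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    tcp = pkt[(pkt[0] & 0x0F) * 4:]            # IHL counts 32-bit words
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    f = {"pkt_size": total_len, "ttl": pkt[8], "mss": 0, "wscale": 0,
         "window": struct.unpack("!H", tcp[14:16])[0],
         "df": (flags_frag >> 14) & 1, "sack_ok": 0, "nop": 0}
    opts, i = tcp[20:(tcp[12] >> 4) * 4], 0    # options end at the TCP data offset
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # end of option list
            break
        if kind == 1:                          # NOP is a single byte
            f["nop"], i = 1, i + 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        if kind == 2 and length == 4:          # maximum segment size
            f["mss"] = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 3 and length == 3:        # window scale shift count
            f["wscale"] = opts[i + 2]
        elif kind == 4:                        # SACK permitted
            f["sack_ok"] = 1
        i += length
    return f

def signature(f: dict) -> int:
    """Concatenate the fields, most significant first, into one 67-bit integer."""
    sig = 0
    for name, bits in FIELDS:
        sig = (sig << bits) | (f[name] & ((1 << bits) - 1))
    return sig

# Constructed sample SYN: TTL 64, DF set, window 29200, MSS 1460, sackOK, NOP, wscale 7.
SAMPLE = bytes.fromhex("4500003400004000400600000a0000010a000002"  # IPv4 header
                       "c0de005000000001000000008002721000000000"  # TCP header (SYN)
                       "020405b40402010303070000")                 # TCP options
print(f"{signature(parse_syn(SAMPLE)):017x}")
```

A passive observer sees the TTL after each router on the path has decremented it, so the raw TTL byte in the signature also depends on how far away the device is.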
8. Jpcap is an open source library for capturing and sending network packets from Java applications. It provides facilities to:
capture raw packets live from the wire,
save captured packets to an offline file and read captured packets from an offline file,
automatically identify packet types and generate corresponding Java objects (for Ethernet, IPv4, IPv6, ARP/RARP, TCP, UDP, and ICMPv4 packets),
filter the packets according to user-specified rules before dispatching them to the application, and
send raw packets to the network.
9. Version
IP Header Length
Size of Datagram
Identification (16-bit number; together with the source address it uniquely identifies this packet)
Flags (a sequence of three flags (one of the 4 bits is unused))
Fragmentation Offset
Time To Live (number of hops/links over which the packet may be routed)
Protocol (e.g. 1 = ICMP; 2 = IGMP; 6 = TCP; 17 = UDP)
Header Checksum (packets with an invalid checksum are discarded by all nodes in an IP network)
Source Address (the IP address of the original sender of the packet)
Destination Address (the IP address of the final destination of the packet)
Options (when used, the IP header length will be greater than five 32-bit words)
10. OSI model
TCP/IP fingerprinting
OS fingerprinting
Grouping all of these gives a strong signature, the device fingerprint