Passive operating system detection with tcpdump

One of the new features that ships with OpenBSD 4.1 is the -o option added to tcpdump. With -o, tcpdump can make an operating system guess from the packets it captures, so while watching packets you also see which operating system they came from. Hopefully the other OSes will follow :)

dunya-fw## tcpdump -i bge0 -tttnn -o
Apr 30 12:19:09.091484 192.168.1.130.1112 > 7.4.21.17.80: S (src OS: Windows XP SP1, Windows 2000 SP4) 3794461793:3794461793(0) win 65535 (DF)
Apr 30 12:19:09.533576 192.168.1.130.1113 > 9.2.3.0.80: S (src OS: Windows XP SP1, Windows 2000 SP4) 4229333025:4229333025(0) win 65535 (DF)
Apr 30 12:19:09.091484 192.168.10.130.1112 > 72.14.221.147.80: S (src OS: Windows XP SP1, Windows 2000 SP4) 3794461793:3794461793(0) win 65535 (DF)
Apr 30 12:19:09.533576 192.168.10.130.1113 > 209.62.13.50.80: S (src OS: Windows XP SP1, Windows 2000 SP4) 4229333025:4229333025(0) win 65535 (DF)

man tcpdump says:

-o      Print a guess of the possible operating system(s) of hosts that
        sent TCP SYN packets. See pf.os(5) for a description of the
        passive operating system fingerprints.

That is where we learned it from!
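To make the guess concrete, here is an added example; it is not code from this post or from OpenBSD. It re-implements in Python the way a pf.os(5) style signature (window:TTL:DF:size:options:class:version:subtype:details) is checked against the fields of a TCP SYN, and it parses the "(src OS: ...)" field out of tcpdump -o lines like the ones above. The fingerprint lines, the SYN values, the helper names and the "unknown" wording are constructed for the example, and the TTL rule (an observed TTL may be anything up to the signature's initial TTL, since every router hop decrements it) is an assumption about how pf matches, not something stated in the post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Fingerprint lines constructed for this example in the pf.os(5) layout:
#   window:TTL:DF:packet_size:TCP_options:class:version:subtype:details
# They illustrate the format and are NOT copied from /etc/pf.os.
SAMPLE_PF_OS = """\
# Windows 2000 SP4 and XP SP1 build identical SYNs, hence the double guess
65535:128:1:48:M*,N,N,S:Windows:XP:SP1:Windows XP SP1
65535:128:1:48:M*,N,N,S:Windows:2000:SP4:Windows 2000 SP4
16384:64:1:64:M*,N,N,S,N,W0,N,N,T:OpenBSD:4.x::OpenBSD 4.x
S4:64:1:60:M*,S,T,N,W7:Linux:2.6::Linux 2.6
"""

@dataclass
class Fingerprint:
    window: str         # exact value, '*', 'S<n>' (n*MSS), 'T<n>' (n*MTU) or '%<n>'
    ttl: int            # initial TTL the OS uses
    df: int             # 1 if the DF bit is set
    size: int           # total SYN size: IP header + TCP header + options
    options: List[str]  # e.g. ['M*', 'N', 'N', 'S']
    details: str

@dataclass
class Syn:
    """Fields extracted from an observed SYN (constructed here, not captured)."""
    window: int
    ttl: int
    df: bool
    size: int
    mss: int
    options: List[str]  # normalised like pf.os: 'M<mss>', 'N', 'S', 'T', 'T0', 'W<n>', 'E'

def parse_pf_os(text: str) -> List[Fingerprint]:
    fps = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 9:
            raise ValueError(f"malformed fingerprint: {line}")
        window, ttl, df, size, opts = f[:5]
        options = [] if opts == "." else opts.split(",")
        fps.append(Fingerprint(window, int(ttl), int(df), int(size), options, f[8]))
    return fps

def window_matches(spec: str, syn: Syn) -> bool:
    if spec == "*":
        return True
    if spec[0] == "S":   # window is a multiple of the advertised MSS
        return syn.mss > 0 and syn.window == int(spec[1:]) * syn.mss
    if spec[0] == "T":   # window is a multiple of the MTU (MSS + 40)
        return syn.window == int(spec[1:]) * (syn.mss + 40)
    if spec[0] == "%":   # window is divisible by n
        return syn.window % int(spec[1:]) == 0
    return syn.window == int(spec)

def options_match(spec: List[str], seen: List[str]) -> bool:
    """Option order and count must agree; M* and W* accept any MSS / scale value."""
    if len(spec) != len(seen):
        return False
    for want, got in zip(spec, seen):
        if want in ("M*", "W*"):
            if got[0] != want[0]:
                return False
        elif want != got:
            return False
    return True

def guess_os(syn: Syn, fps: List[Fingerprint]) -> List[str]:
    """Return the 'details' of every fingerprint the SYN is consistent with.
    Assumption mirroring pf: observed TTL may be anything up to the initial TTL."""
    return [fp.details for fp in fps
            if window_matches(fp.window, syn)
            and 0 < syn.ttl <= fp.ttl
            and bool(fp.df) == syn.df
            and fp.size == syn.size
            and options_match(fp.options, syn.options)]

def format_guess(hits: List[str]) -> str:
    """Render the guess like tcpdump -o does ('unknown' wording is an assumption)."""
    return "(src OS: " + (", ".join(hits) if hits else "unknown") + ")"

# Layout of a tcpdump -o SYN line as printed in the post, so guesses can be
# pulled out of a capture log programmatically.
_TCPDUMP_O = re.compile(r"^\S+ +\d+ [\d:.]+ (\S+) > (\S+): S \(src OS: ([^)]*)\)")

def parse_tcpdump_o(line: str) -> Optional[dict]:
    m = _TCPDUMP_O.match(line)
    if not m:
        return None
    return {"src": m.group(1), "dst": m.group(2), "os": m.group(3).split(", ")}

if __name__ == "__main__":
    fps = parse_pf_os(SAMPLE_PF_OS)
    # A SYN like the one in the capture: window 65535, DF, 48 bytes, MSS/NOP/NOP/SACK.
    xp = Syn(65535, 128, True, 48, 1460, ["M1460", "N", "N", "S"])
    print(format_guess(guess_os(xp, fps)))  # (src OS: Windows XP SP1, Windows 2000 SP4)
    # An OpenBSD host three hops away (TTL 61) still matches its TTL-64 signature.
    obsd = Syn(16384, 61, True, 64, 1460, ["M1460", "N", "N", "S", "N", "W0", "N", "N", "T"])
    print(format_guess(guess_os(obsd, fps)))
    # Linux: window 5840 = 4 * 1460, which is what the 'S4' spec expresses.
    print(format_guess(guess_os(Syn(5840, 64, True, 60, 1460, ["M1460", "S", "T", "N", "W7"]), fps)))
```

The two Windows signatures differ only in their label, which is exactly why tcpdump printed both in the capture above: passive fingerprinting can only tell apart stacks that build their SYN differently, and it only ever sees hosts that initiate connections, since nothing but SYN packets is examined.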

This entry was posted in OpenBSD.
