The first thing we're going to look at is server-side attacks. These are attacks that don't require user interaction. We can use these attacks with web servers, and also use them against normal computers that people use every day. The reason why we are going to be using it against my Metasploitable (which runs Unix, and which is more of a server than a normal personal computer) is because if our target uses a personal computer, and if they're not on the same network as us, then even if we manage to get their IP address, their IP address is going to be behind a router. They'll probably be connecting through a router, and therefore, if we use the IP to try and determine what operating systems run on it and what applications ...