OS Fingerprinting

There are several techniques for remotely fingerprinting operating systems via network traffic. They can be divided broadly into two categories: active and passive.


The term operating system fingerprinting is a bit of a misnomer, as the term really refers to network stack fingerprinting. Because network stacks vary from OS to OS, the corresponding operating systems can be inferred by fingerprinting the network stack.

Active OS Fingerprinting with Nmap

With its user-contributed database of over 1,600 OS fingerprints, Nmap's -O option is probably the best-known active OS fingerprinting implementation. Nmap primarily utilizes the vagaries of TCP to guess the identity of remote operating systems, especially these:

  • The way a target ...

Get Linux Firewalls now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.