
Technical (Bottom-Up) Methodology 127
ports that respond (see Exhibit 33). For example, TCP ports 137, 138, and 139
correspond to the Microsoft network access. While some Linux systems will
respond on these ports, it is generally the domain of only Microsoft machines.
The other way in which the tools can fingerprint the OS is through TCP
sequence prediction. Inside TCP communications, a sequence number is used
on the packets to help keep the information flow moving smoothly and in
the correct order. However, certain OSs respond to TCP communication with
an easy-to-predict TCP sequence number, and through the sequence number
increment the tools can make ...