Thursday, November 02, 2006

OS FingerPrinting Paper 1.0 and Satori tool

I know what you are probably thinking; this is yet another paper on Active and Passive network OS detection and Scanning Techniques OR this is a scare tactic to finally get management to listen. Well it is and it isn’t, in both cases. It started primarily as a paper on passive fingerprinting that dips a bit into this and that along the way, trying to give you a broad enough understanding of everything that has come before so that the new stuff makes sense. Without understanding how they are doing it, or what has happened in the past, parts of the new ideas or techniques will mean little to you. Perhaps in the end they will mean little to you anyway. I won’t go into the specifics of all of the different types of active/passive OS detection techniques, but I will cover some of the major and unique ones...
Read the article (pdf) by Eric Kollmann.
Satori: Uses WinPCap 3.1 (not tested with 4 beta yet), listens on the wire for all traffic and does OS Identification based on what it sees. Main things it works to identify are: Windows Machines, HP devices (that use HP Switch Protocol), Cisco devices (that do CDP packets), IP Phones (that send out Skinny packets), plus some other things. Still early on, will make many changes and will add whatever features are requested, so just send them with packet captures if possible!
Software created by him.
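To make concrete what "listens on the wire for all traffic and does OS Identification based on what it sees" involves, here is an added example of the passive approach, written for this page; it is not Satori's code nor anything from Eric Kollmann's paper. It parses the IPv4 and TCP headers of a SYN, extracts the fields a passive fingerprinter typically keys on (initial TTL, window size, Don't-Fragment bit, TCP option order) and scores them against a signature table. The two signatures and the sample packets are constructed for illustration and are not a real OS database.

```python
"""Passive OS fingerprinting from raw IPv4/TCP SYN bytes.

Added example, not Satori's or Eric Kollmann's code. The signature
values below are constructed for illustration, not a real OS database.
"""
import struct
from typing import Optional

# TCP option kind numbers -> short names (RFC 793, 1323, 2018, 7323).
OPTION_NAMES = {2: "MSS", 3: "WS", 4: "SACK", 8: "TS"}

# Constructed, illustrative signatures: initial TTL, SYN window size,
# Don't-Fragment bit, and the order of TCP options as sent in the SYN.
SIGNATURES = [
    {"os": "Illustrative Windows-like", "ttl": 128, "win": 65535, "df": True,
     "opts": ("MSS", "NOP", "WS", "NOP", "NOP", "SACK")},
    {"os": "Illustrative Linux-like", "ttl": 64, "win": 5840, "df": True,
     "opts": ("MSS", "SACK", "TS", "NOP", "WS")},
]


def parse_tcp_options(raw: bytes) -> tuple:
    """Walk the TCP option list and return option names in wire order."""
    names, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of option list
            break
        if kind == 1:            # NOP is a single byte
            names.append("NOP")
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:
            raise ValueError("malformed TCP option length")
        names.append(OPTION_NAMES.get(kind, f"OPT{kind}"))
        i += raw[i + 1]          # kind, length, data
    return tuple(names)


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Extract the header fields a passive fingerprinter keys on."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag, = struct.unpack("!H", pkt[6:8])
    if pkt[9] != 6:
        raise ValueError("not TCP")
    tcp = pkt[ihl:]
    data_off = (tcp[12] >> 4) * 4
    win, = struct.unpack("!H", tcp[14:16])
    return {
        "ttl": pkt[8],
        "df": bool(flags_frag & 0x4000),
        "win": win,
        "syn_only": (tcp[13] & 0x12) == 0x02,   # SYN set, ACK clear
        "opts": parse_tcp_options(tcp[20:data_off]),
    }


def guess_initial_ttl(observed: int) -> int:
    """Routers decrement TTL per hop; round up to a common initial value."""
    for initial in (32, 64, 128, 255):
        if observed <= initial:
            return initial
    return 255


def fingerprint(pkt: bytes) -> Optional[str]:
    """Return the best-matching OS label, or None if nothing matches well."""
    f = parse_ipv4_tcp(pkt)
    if not f["syn_only"]:
        return None                   # only the opening SYN is scored here
    init_ttl = guess_initial_ttl(f["ttl"])
    best, best_score = None, 0
    for sig in SIGNATURES:
        score = sum([sig["ttl"] == init_ttl, sig["win"] == f["win"],
                     sig["df"] == f["df"], sig["opts"] == f["opts"]])
        if score > best_score:
            best, best_score = sig["os"], score
    return best if best_score >= 3 else None   # require 3 of 4 fields


def build_syn(ttl: int, df: bool, win: int, options: bytes) -> bytes:
    """Construct a minimal IPv4/TCP SYN for offline testing (checksums zero)."""
    options += b"\x00" * (-len(options) % 4)
    data_off = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_off << 4, 0x02, win, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000 if df else 0,
                     ttl, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp


# Constructed SYN option blobs matching the illustrative signatures above.
WIN_OPTS = b"\x02\x04\x05\xb4" b"\x01" b"\x03\x03\x08" b"\x01\x01" b"\x04\x02"
LINUX_OPTS = b"\x02\x04\x05\xb4" b"\x04\x02" b"\x08\x0a" + b"\x00" * 8 + b"\x01" b"\x03\x03\x07"

if __name__ == "__main__":
    print(fingerprint(build_syn(126, True, 65535, WIN_OPTS)))  # TTL 126: two hops from 128
    print(fingerprint(build_syn(60, True, 5840, LINUX_OPTS)))
    print(fingerprint(build_syn(250, False, 1024, b"")))       # no signature fits
```

The TTL rounding is the part that makes this passive rather than active: the observer never sends anything, so it has to infer the sender's initial TTL from whatever value survived the hops in between. On a live capture the same functions would be fed the payload of each Ethernet frame after stripping the 14-byte link header, and the result would feed an inventory rather than a scan report.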
