19 lines
658 B
Plaintext
19 lines
658 B
Plaintext
How we can determine the remote OS using simple TCP packets? Well,
|
|
it's easy, they're packets that don't make any sense, so the RFCs
|
|
don't clearly state what to answer in this case. Facing this
|
|
ambiguity, each TCP/IP stack takes a different approach to the
|
|
problem, and is why, we get a different response. In some cases
|
|
(like Linux) programming mistakes make the OS detectable.
|
|
|
|
QueSO sends:
|
|
|
|
0 SYN * THIS IS VALID, used to verify LISTEN
|
|
1 SYN+ACK
|
|
2 FIN
|
|
3 FIN+ACK
|
|
4 SYN+FIN
|
|
5 PSH
|
|
6 SYN+XXX+YYY * XXX & YYY are unused TCP flags
|
|
|
|
All packets have a random seq_num and a 0x0 ack_num.
|