A means of ascertaining the operating system of a remote computer on the Internet. Fingerprinting is more generally used to detect specific versions of applications or protocols that are run on Internet servers. Fingerprinting can be accomplished “passively” by sniffing network packets passing between hosts, or it can be accomplished “actively” by transmitting specially created packets to the target machine and analyzing the response.
White Hats and Black Hats map remote networks and the services provided in them to determine which vulnerabilities might be present to exploit. Security-conscious system operators change the default settings of the network subsystems on their computers to fool fingerprinting tools.
Three commonly employed fingerprinting tools are queSO (Spanish abbreviation for “which operating system?”), nmap (a popular flexible scanner), and Xprobe2 (an innovative tool based on a fuzzy-logic scoring system). Other excellent examples of fingerprinting tools are netcraft and httprint.
Passive fingerprinting is nonintrusive. It merely observes the traffic on the network to determine the type and version of an operating system or application, but it does not actively probe the target by sending data, thus avoiding detection.
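The following added example (not from the cited source or from any of the tools named above) shows which header fields a passive fingerprinter reads from a single observed TCP SYN, and why changing a host's default settings alters the result. The TTL table, the function names `syn_features` and `build_syn`, and the sample packets are assumptions constructed for illustration.

```python
import struct

# Assumption: commonly cited default initial TTLs, not a complete or authoritative table.
DEFAULT_TTLS = {64: "Linux/Unix-like", 128: "Windows", 255: "network device"}
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sackOK", 8: "ts"}

def syn_features(pkt: bytes) -> dict:
    """Return the header fields a passive fingerprinter compares for an IPv4 TCP SYN."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag, ttl, proto = struct.unpack("!HBB", pkt[6:10])
    tcp = pkt[ihl:]
    if proto != 6 or len(tcp) < 20:
        raise ValueError("not a TCP segment")
    if (tcp[13] & 0x12) != 0x02:  # SYN set, ACK clear
        raise ValueError("not an initial SYN")
    data_off = (tcp[12] >> 4) * 4
    opts, i, layout = tcp[20:data_off], 0, []
    while i < len(opts):
        kind = opts[i]
        layout.append(OPT_NAMES.get(kind, f"opt{kind}"))
        if kind == 0:  # end of option list
            break
        if kind == 1:  # NOP has no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            raise ValueError("malformed TCP option")
        i += opts[i + 1]
    # Guess the initial TTL as the smallest common default not below the observed value.
    initial = next(t for t in sorted(DEFAULT_TTLS) if ttl <= t)
    return {"ttl": ttl, "initial_ttl": initial, "hops": initial - ttl,
            "df": bool(flags_frag & 0x4000),
            "window": struct.unpack("!H", tcp[14:16])[0],
            "options": layout, "ttl_guess": DEFAULT_TTLS[initial]}

def build_syn(ttl: int, window: int) -> bytes:
    """Constructed sample SYN (checksums left at zero, documentation-range addresses)."""
    opts = (struct.pack("!BBH", 2, 4, 1460) + bytes([4, 2]) +
            struct.pack("!BBII", 8, 10, 1, 0) + bytes([1, 3, 3, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, (5 + len(opts) // 4) << 4,
                      0x02, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp

if __name__ == "__main__":
    print(syn_features(build_syn(ttl=57, window=64240)))   # stock settings, 7 hops away
    print(syn_features(build_syn(ttl=121, window=64240)))  # same host, default TTL raised to 128
```

In the second sample only the TTL default was changed, so a TTL-based guess flips while the TCP option layout stays the same; an operator checking what a host reveals should compare every field, not just one.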
Trowbridge, C. An Overview of Remote Operating System Fingerprinting. [Online, July 16, 2003.] SANS Institute Website. http://www.sans.org/rr/papers/42/1231.pdf.