Passive Network Fingerprinting

In the network security world, nmap is the king of active fingerprinting of systems and services over the network. It can help identify the operating system (OS), the type and version of a network service, and vulnerabilities that might be present.

There are less noisy alternatives to nmap, which does its work by sending specially crafted packets. These alternatives fall into the passive fingerprinting category: instead of actively sending packets to a host and service, they passively analyze network traffic to identify unique characteristics of particular operating systems, client applications, and network services.

To date, the majority of free and open-source passive fingerprinting tools have focused on OS fingerprinting. PRADS is one of the few open-source tools that currently also fingerprints additional things such as services. p0f v3, arriving after six years, is a complete rewrite that includes the ability to fingerprint TCP services. This new version currently supports HTTP response and request signatures, but additional protocols are expected to be added in the future.

The obvious difficulty with passive fingerprinting is the need to sniff the traffic. The original news can be found on the DarkReading web site.
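
As an added illustration (not code from the original article, p0f, or PRADS), the sketch below shows the kind of characteristics a passive OS fingerprinter reads from an already-captured TCP SYN: the inferred initial TTL, window size, MSS, and the order of TCP options. The two packets and the two-entry `SIGNATURES` table are constructed for this example and are assumptions, not a real signature database.

```python
import struct

# TCP option kinds mapped to short names; option order is a stack-specific trait.
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}
# Illustrative table constructed for this example; not a real signature database.
SIGNATURES = {(64, "mss,sok,ts,nop,ws"): "Linux-like",
              (128, "mss,nop,ws,nop,nop,sok"): "Windows-like"}
# Constructed IPv4+TCP SYN packets (documentation addresses, zeroed checksums).
SYN_A = bytes.fromhex("4500003c0000400039060000c0000201c6336402"   # IP, TTL 57
                      "c35000500000000100000000a002faf000000000"   # TCP, SYN
                      "020405b40402080a000000010000000001030307")  # options
SYN_B = bytes.fromhex("45000034000040007a060000c0000203c6336402"   # IP, TTL 122
                      "c351005000000001000000008002200000000000"   # TCP, SYN
                      "020405b40103030801010402")                  # options

def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value."""
    return next(v for v in (32, 64, 128, 255) if ttl <= v)

def parse_syn(pkt):
    """Extract fingerprint fields from a raw IPv4 packet carrying a TCP SYN."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[(pkt[0] & 0x0F) * 4:]
    if len(tcp) < 20 or tcp[13] & 0x12 != 0x02:  # SYN set, ACK clear
        raise ValueError("not an initial TCP SYN")
    opts, layout, mss, i = tcp[20:(tcp[12] >> 4) * 4], [], None, 0
    while i < len(opts):
        kind = opts[i]
        layout.append(OPT_NAMES.get(kind, f"?{kind}"))
        if kind == 0:      # end of option list
            break
        if kind == 1:      # NOP has no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"ittl": initial_ttl(pkt[8]), "window": struct.unpack("!H", tcp[14:16])[0],
            "mss": mss, "layout": ",".join(layout)}

def classify(pkt):
    """Return (label, fields) using the illustrative SIGNATURES table."""
    fields = parse_syn(pkt)
    return SIGNATURES.get((fields["ittl"], fields["layout"]), "unknown"), fields

if __name__ == "__main__":
    for name, pkt in (("SYN_A", SYN_A), ("SYN_B", SYN_B)):
        print(name, *classify(pkt))
```

Because the observed TTL has already been decremented by each router on the path, the code rounds it up to a common initial value before matching; nothing is ever sent to the fingerprinted host.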