Information, Computer and Network Security Terms Glossary and Dictionary
TCP Fingerprinting or OS Fingerprinting
TCP/IP fingerprinting, also known as TCP stack fingerprinting or OS fingerprinting, is the process of determining the identity of a remote host's operating system by analyzing packets from that host. TCP fingerprinting works by sending TCP packets to a port and observing how the TCP stack responds. Many parts of the TCP/IP specifications are left open to interpretation, so each vendor implements the TCP/IP stack a little differently, and those differences form a unique identifier, or fingerprint. There are two types of OS fingerprinting, active and passive. Passive OS fingerprinting identifies the remote operating system from the packets it receives, without sending any packets of its own. Active OS fingerprinting, by contrast, sends packets and waits for a response (or the lack of one). Active OS fingerprinting sometimes sends strange packets, because different implementations respond differently to such errors.
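The passive case, as an added example that is not part of the original glossary entry: a parser that reduces a captured IPv4/TCP SYN to a signature built from stack-specific defaults, the kind of check a defender can run over existing capture data for asset inventory. The field selection, the signature layout and the two sample packets (hypothetical hosts A and B, documentation addresses) are constructed for illustration.

```python
import struct
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sackOK", 8: "ts"}

def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value."""
    return next(v for v in (32, 64, 128, 255) if ttl <= v)

def syn_signature(pkt):
    """Return a fingerprint string for a raw IPv4/TCP SYN, or None if unusable."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                                  # not IPv4/TCP
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    if ihl < 20 or len(tcp) < 20:
        return None
    hdr_len = (tcp[12] >> 4) * 4
    if hdr_len < 20 or len(tcp) < hdr_len or tcp[13] & 0x12 != 0x02:
        return None                                  # truncated, or not a bare SYN
    df = int(bool(struct.unpack("!H", pkt[6:8])[0] & 0x4000))
    window = struct.unpack("!H", tcp[14:16])[0]
    opts, mss, i = [], 0, 20
    while i < hdr_len:
        kind = tcp[i]
        opts.append(OPT_NAMES.get(kind, f"?{kind}"))
        if kind == 0:                                # end of option list
            break
        if kind == 1:                                # NOP is a single byte
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            return None                              # malformed option length
        if kind == 2 and tcp[i + 1] == 4:
            mss = struct.unpack("!H", tcp[i + 2:i + 4])[0]
        i += tcp[i + 1]
    return f"ttl={initial_ttl(pkt[8])}:df={df}:win={window}:mss={mss}:opts={','.join(opts)}"

def build_syn(ttl, window, options):
    """Constructed sample SYN with DF set; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      (5 + len(options) // 4) << 4, 0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + tcp

# Constructed samples: two hypothetical stacks with different defaults.
OPTS_A = bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307")
OPTS_B = bytes.fromhex("020405b4" "01" "030308" "0101" "0402")
HOST_A = build_syn(57, 29200, OPTS_A)    # observed TTL 57 rounds up to 64
HOST_B = build_syn(121, 8192, OPTS_B)    # observed TTL 121 rounds up to 128
for name, pkt in (("host A", HOST_A), ("host B", HOST_B)):
    print(name, syn_signature(pkt))
```

The two hosts advertise the same MSS but differ in initial TTL, window size and option order, so their signatures differ even though nothing was sent to either of them.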