Hey Hey,

Here's another one for the External Tuts DB

Anyways... it was posted to FD so many of you may have already seen it. For those that didn't, however... here it is.


Abstract: The purpose of this paper is to discuss some techniques that can be effectively used in remote host fingerprinting. The paper will specifically cover the cases where network hosts are behind firewalls. We will explain the techniques with various tools, but the majority of the work is based on a simple and powerful utility named hping. This paper assumes that the reader has a basic understanding of remote host fingerprinting and Transmission Control Protocol/Internet Protocol (TCP/IP). We will review both service port fingerprinting and OS fingerprinting in certain firewalled environments and will try to analyze the methods in detail, which brings us to the advantages and disadvantages of some techniques. Familiarity with hping and nmap will be useful for understanding the methods.

Keywords: hping, nmap, iptables, tcpdump, sniffing, NAT, VMware