Yeah, all these tools are great, but you can use the TTL value given by a ping to determine the type of OS.

Obviously it won't do it and tell you it's Windows 2000 with Service Pack 2; it just gives you the basic overview that it's a Windows system, or nix, or AIX, etc.

http://secfr.nerim.net/docs/fingerpr...l_default.html

I was gonna copy the table into here, but I couldn't be bothered to re-gig it so it was readable. I dunno whether it's feasible, but being able to use tab in this reply window sure would be useful.

Anyway, that method works pretty well. On Linux you can change the TTL value - in effect making it harder to identify, but this could have implications. This is how Nmap works, I think.

cheers

i2c
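
Added example, not part of the original post: a small Python sketch of the TTL heuristic described above, run over constructed ping reply lines. The initial-TTL table holds commonly cited defaults (an assumption, not the table linked in the post), and the last sample shows how a Linux host with a changed default TTL is misread.

```python
import re

# Commonly cited default initial TTLs (assumption; not the table linked in the post).
INITIAL_TTLS = {
    64: "Linux / BSD / macOS family",
    128: "Windows family",
    255: "network gear or older Unix (e.g. Solaris)",
}

# Matches both "ttl=57" (Unix ping) and "TTL=119" (Windows ping).
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)


def guess_from_ttl(observed):
    """Return (assumed_initial_ttl, hops_travelled, coarse_family)."""
    if not 1 <= observed <= 255:
        raise ValueError("TTL must be in 1..255")
    # Each router decrements TTL by one, so the sender's initial value is
    # assumed to be the smallest known default that is >= the observed TTL.
    initial = min(t for t in INITIAL_TTLS if t >= observed)
    return initial, initial - observed, INITIAL_TTLS[initial]


def guess_from_ping_line(line):
    """Parse one ping reply line; return None if it carries no TTL field."""
    m = TTL_RE.search(line)
    return guess_from_ttl(int(m.group(1))) if m else None


# Constructed sample replies (documentation addresses, not real hosts).
SAMPLE = [
    "64 bytes from 192.0.2.10: icmp_seq=1 ttl=57 time=12.3 ms",
    "Reply from 192.0.2.20: bytes=32 time=15ms TTL=119",
    "64 bytes from 192.0.2.30: icmp_seq=1 ttl=247 time=30.1 ms",
    # Linux host with net.ipv4.ip_default_ttl=128: the heuristic reads it
    # as Windows, which is why a TTL guess alone is weak evidence.
    "64 bytes from 192.0.2.40: icmp_seq=1 ttl=121 time=11.0 ms",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(guess_from_ping_line(line), "<-", line)
```
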