23 lines
799 B
Text
23 lines
799 B
Text
QueSO homepage -- http://www.apostols.org/projectz/queso/
|
|
|
|
How we can determine the remote OS using simple tcp packets? Well,
|
|
it's easy, they're packets that don't make any sense, so the RFCs
|
|
don't clearly state what to answer in these kind of situations.
|
|
Facing this ambiguous, each TCP/IP stack takes a different approach
|
|
to the problem, and this way, we get a different response. In some
|
|
cases (like Linux, to name one) some programming mistakes make the OS
|
|
detectable.
|
|
|
|
QueSO sends:
|
|
|
|
0 SYN * THIS IS VALID, used to verify LISTEN
|
|
1 SYN+ACK
|
|
2 FIN
|
|
3 FIN+ACK
|
|
4 SYN+FIN
|
|
5 PSH
|
|
6 SYN+XXX+YYY * XXX & YYY are unused TCP flags
|
|
|
|
All packets have a random seq_num and a 0x0 ack_num.
|
|
|
|
WWW: http://www.apostols.org/projectz/queso/
|