Tuesday, December 6, 2011


Information Gathering -> Network Analysis -> OS fingerprinting -> xprobe2

While p0f does passive OS fingerprinting, xprobe2 does active fingerprinting. It tries to identify the OS type using several approaches: fuzzy signature matching, probabilistic guesses, multiple simultaneous matches, and a signature database. Its tests mainly focus on network protocols like ICMP, TCP and UDP. Besides that, it is capable of port scanning as well.

It has quite a few options, but it's easy to run with the default settings and just a target host (shown below as a placeholder):

root@bt:~# xprobe2 <target>

It's not really accurate, probably because its database is not up to date.
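The fuzzy matching and the stale-database effect described above, as an added example (not xprobe2's code and not part of the original post): a toy matcher that scores probe observations against a signature table and ranks every candidate at once. The OS labels, attribute names and all values are made up for illustration.

```python
# Toy fuzzy OS-signature matcher. Everything below is constructed for this
# example; nothing is taken from xprobe2's real signature file.
SIGNATURES = {
    "OS-A": {"echo_ttl": 64, "echo_df": True, "ts_reply": True, "synack_win": 5840},
    "OS-B": {"echo_ttl": 128, "echo_df": False, "ts_reply": False, "synack_win": 8192},
    "OS-C": {"echo_ttl": 255, "echo_df": False, "ts_reply": True, "synack_win": 4128},
}

def field_score(name, observed, expected):
    """1.0 for a match, 0.5 for a near match, 0.0 otherwise."""
    if name == "echo_ttl":
        # TTL drops by one per hop, so accept values a little below the initial TTL.
        return 1.0 if 0 <= expected - observed < 32 else 0.0
    if name == "synack_win":
        if observed == expected:
            return 1.0
        # Window sizes shift with MSS/options: within 10% counts as a near match.
        return 0.5 if abs(observed - expected) <= 0.1 * expected else 0.0
    return 1.0 if observed == expected else 0.0

def rank(observed, signatures=SIGNATURES):
    """Score every signature; return [(name, probability)], best guess first."""
    results = []
    for name, sig in signatures.items():
        # A probe that got no answer (None, e.g. filtered) is skipped, not penalised.
        tests = [k for k in sig if observed.get(k) is not None]
        total = sum(field_score(k, observed[k], sig[k]) for k in tests)
        results.append((name, total / len(tests) if tests else 0.0))
    return sorted(results, key=lambda r: r[1], reverse=True)

# Constructed observation: an OS-A host seven hops away with a slightly
# different window size. Fuzzy matching still ranks OS-A first.
KNOWN_HOST = {"echo_ttl": 57, "echo_df": True, "ts_reply": True, "synack_win": 5792}

# Constructed observation: a newer OS that has no entry in the table. The
# matcher still returns a best guess, which is why a stale database gives
# wrong answers instead of "unknown".
UNLISTED_HOST = {"echo_ttl": 120, "echo_df": True, "ts_reply": False, "synack_win": 65535}

if __name__ == "__main__":
    for label, obs in (("known", KNOWN_HOST), ("unlisted", UNLISTED_HOST)):
        print(label, [(n, f"{p:.0%}") for n, p in rank(obs)])
```

A low top score with no clear gap to the runner-up is the sign that the real OS is probably missing from the database.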
