Profiling an Operating System (Part 3)

by Don Parker
Sept. 1, 2017, TechGenix

We finished off in part two having run the same test criteria of a SYN, RST, and an ACK packet against Windows XP Pro. The return stimulus, or lack of one, was the same as that of the Windows 2000 Pro box. In this third part we will try it against a Windows 2003 Standard box. After that is done we will carry on with another method of identifying a Windows or Win32 (Windows NT/2000/XP/2003) operating system.

This will send a SYN packet, as noted by the “-S”, to the IP address of “” on TCP port 135, as seen in “-p 135”, and lastly it will send only one packet, “-c 1”. The ability to send a precise number of packets is one of the defining features of Hping in my mind. It gives the pen-tester the ability to be stealthy and blend into network traffic when performing a pen-test.

Noted below is the SYN/ACK returned from the W2K3 box and the response from the laptop to this packet. Let’s take a look at it below.