DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING | DWIGHT LOOK COLLEGE OF ENGINEERING | TEXAS A&M UNIVERSITY
Remote OS fingerprinting/classification
Determining the operating system of a remote host by interacting with its network stack is an important task in security, especially when done with low-overhead, non-intrusive measurements. Volatility of observed features (e.g., retransmission timeouts affected by network jitter, TCP window size tweaked by end-users) and difficulty in differentiating between similar stacks lead to interesting questions in stochastic modeling, classification, and Internet characterization. Our initial investigation into these issues has created new methodology and measurement techniques (Hershel, Hershel+, Plata, Faulds) for solving this problem. Below are the papers describing these findings.
Original Hershel code and database, latest version on GitHub
Original Hershel+ code and database, latest version on GitHub
Faulds on GitHub