[Dshield] Re: Dshield digest, Vol 1 #629 - 15 msgs

Kenneth Williams ken at kwilliams.org
Sat May 25 16:19:25 GMT 2002

If you have a *NIX box at your disposal you can examine the captured packets
or tcpdump / snort captures with an OS fingerprint tool such as p0f.
I happen to like that particular tool which can be had at

----- Original Message -----
From: "Steven Hull" <sphull at oanet.com>
To: <list at dshield.org>
Sent: Saturday, May 25, 2002 8:35 AM
Subject: [Dshield] Re: Dshield digest, Vol 1 #629 - 15 msgs

> From this I determine that most of the servers in this report are
> IIS.  And one Apache.  How would one determine that a server is a Red Hat
> Linux box when 99% of those boxes run Apache.  Apache can also be run on a
> Microsoft OS as well as a couple of others.  How can you determine one
> Linux/Unix server from another to be that specific of the operating
> system????
> Steven Hull
> Networking Student
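
As an added illustration of the passive OS fingerprinting the reply describes (not part of the original messages, and not p0f's own code): the sketch below pulls from a captured TCP SYN the stack-dependent fields (initial TTL, DF bit, window size, MSS, option order) that a tool like p0f compares against its signature database. The function names, the sample packets and the TTL rounding heuristic are assumptions made for this example.

```python
import struct

OPT_NAMES = {2: "mss", 3: "ws", 4: "sok", 8: "ts"}  # TCP option kinds

def syn_fingerprint(pkt):
    """Extract stack-dependent fields from a raw IPv4 packet carrying a TCP SYN."""
    if len(pkt) < 20:
        raise ValueError("truncated IP header")
    ver_ihl, _, _, _, frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not IPv4/TCP")
    tcp = pkt[(ver_ihl & 0x0F) * 4:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    data_off, flags, window = struct.unpack("!BBH", tcp[12:16])
    if flags & 0x12 != 0x02:  # SYN set, ACK clear
        raise ValueError("not an initial SYN")
    opts, layout, mss, i = tcp[20:(data_off >> 4) * 4], [], None, 0
    while i < len(opts) and opts[i] != 0:  # kind 0 = end of option list
        kind = opts[i]
        if kind == 1:  # NOP is a single byte with no length field
            layout.append("nop")
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        layout.append(OPT_NAMES.get(kind, "?%d" % kind))
        i += length
    return {
        # Heuristic (assumption): round the observed TTL up to a common initial value.
        "initial_ttl": next(t for t in (32, 64, 128, 255) if ttl <= t),
        "df": bool(frag & 0x4000), "window": window, "mss": mss,
        "options": ",".join(layout),
    }

def build_syn(ttl, window, options):
    """Constructed sample input: IPv4+TCP SYN with DF set and zeroed checksums."""
    options += b"\x00" * (-len(options) % 4)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      (5 + len(options) // 4) << 4, 0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp

SYN_A = build_syn(52, 5840, bytes.fromhex("020405b40402080a000000010000000001030307"))  # constructed
SYN_B = build_syn(116, 65535, bytes.fromhex("020405b401010402"))  # constructed
```

The two constructed SYNs yield different tuples even though both could be headed for the same web server port, which is why the TCP/IP stack, rather than the HTTP banner, is what distinguishes one operating system from another.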

