Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

OS Fingerprinting/Identification for Windows XP Workstations

Posted on 2006-06-27
8
Medium Priority
?
549 Views
Last Modified: 2012-05-05
Is there a way (or program) to successfully identify OS workstations on the network? I use nmap -O to scan the network but most of the network stations have sp2 w/ firewall enabled and nmap cannot determine the OS Fingerprint. Also, I need to save the output to a database (or file) so there has to be some sort of exporting in the program that you recommend.

Thanks!
0
Comment
Question by:SECGRAD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 16995344
Hmmm... as long as the MSFirewall is up and configured properly, you _shouldn't_ be able to fingerprint a machine behind it...  The whole concept of a firewall is to protect the computer behind the "wall", with only small holes/ports poked in it for access from the "outside" - which in this case, is your internal network.  Nmap, Santa/Satan, etc. work by assessing what ports are open and the OS generated responses on those ports to do a "best guess" of what OS is behind it.

If you are running a Windows Domain and all systems are MS, you could try using MS Baseline Analyzer to check out your systems - it'll use most of the standard MS ports to communicate and assess the patch levels of your desktop systems...  Take a look here -->  http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx

If you really want to use NMap, you could also use your Domain Security Policy to disable the firewall on all your domain systems (not recommended), then run your scans.  You can re-enable the firewall later, but could possibly lose any custom configs on the workstations... and you could also take it in the shorts if you've got any trojans/worms lurking on your network...

Good Luck,
Scooter
0
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 16995878
Is this nework a domain?
0
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 16995912
What information specifically are you looking for from the systems?

It is possible to write special scripts to return results. This requires creativity and a little know how.

0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:SECGRAD
ID: 16995971
Good suggestions but writing scripts would be to much work. I scan multiple subnets within my organization and need to do OS Fingerprint on workstations with firewalls installed. I do not need to identify if they are vunlnerable just the identifications of the station, their IP. NMap is a good tool but doesn't do anything when a user is running a firewall.

Scootter, MBSA did not work for us. We're not running a Windows Domain and but do use LDAP for certain authenticaiton schemess. I just ran the software and tested it on the network. It did not detect OS.

Anyone have any suggestions on how to detect devices on the network even if they have a software firewall????
0
 
LVL 3

Expert Comment

by:Chris_Picciotto
ID: 16996151
We i was in a similar situation in a previous job and was able to construct a script to do the following:

1) Insert a scheduled task on a list of machines obtained from computer brower list from a server
2) The inserted task is nothing more than a batch file with the following command     IPCONFIG /ALL >> \\server\share\%computername%.txt

It was actually pretty easy but the first script was written in VB and i'm way to rusty now.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16998832
Try X-Probe which is an open source stuff;

http://sourceforge.net/projects/xprobe

Cheers,
Rajesh
0
 
LVL 1

Accepted Solution

by:
BooneSaysHi earned 1000 total points
ID: 17005387
Check out the toolsets from Solar Winds.  The trial software will allow you to view the data collected from each tool but you will need to purchase the software to export the data to excel or csv.  I use these tools when ever I start a new job as network admin as the network documentation has always been out of date or incomplete.  The URL is: www.solarwinds.net

On a side note:  It is always possible to finger print the OS even if it is running a software firewall as each OS/Service will have variations in the network protocol or response to an event.  This toolset has multiple methods for detection so they should work in your situation.

0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question