
I need to find the type of OS installed on a remote machine. I know that I can use OS fingerprinting tools like NMap to detect the OS-specific details of the remote machine. But I can't use such a tool, since there are some licensing issues. I need to implement my own logic to detect the OS. In my search I found a link saying that we can find the OS type based on TTL. But using TTL is not always accurate. It is based on hop calculation.

There will be some open ports in a machine. By scanning that we can somehow manage to find the OS.

Is there any such port which might give some idea about the OS type? I need to implement logic to run a script based on the OS. If there are some conditions which are useful to detect the OS type, then it might save some time.

    if(IsOpen(Some_Port_Number))
    {
        //This machine might be a windows based one so

        if(Run_WindowsBasedScript()==False)
        {
            Run_LinuxBasedScript();
        }
    }
    else
    {
        if(Run_LinuxBasedScript()==False)
        {
            Run_WindowsBasedScript();
        }
    }

So I need to reduce the run time by identifying the OS type. I thought that based on open ports we can find the OS. Any help would be appreciated.

BinaryMee
  • Please do not [cross-post](http://superuser.com/questions/655403/identify-remote-os-based-on-port) on different stack-exchange sites. Please remove one of these questions. – Rik Oct 07 '13 at 10:07
  • Yeah, I have done it! – BinaryMee Oct 07 '13 at 11:14

1 Answer


There is not "just one port" you can scan to determine the OS. If you can't use NMAP you'll need to emulate its mechanism to detect the OS.

Of course you could get lucky with a telnet command (on port 23) giving you the operating system back or a `curl -I microsoft.com` giving you the web-server `Microsoft-IIS/7.5` (classical techniques) but don't count on it.

You'll need to use complicated techniques. You can read in this old article about some of the techniques. There is also some mention of others who use different techniques.

First you need to find out which family the machine belongs to. (You already mentioned the TTL method.) After that you can read in the article above what steps you can take to determine versions.

Another fact is that NMAP uses not just one port, but is most effective if there is at least one open and one closed TCP port found. (It says so when it doesn't find them.) So it also determines the OS by combinations of ports found open and closed.

For some further reading:

Rik
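The TTL method and the banner checks mentioned above can be combined to choose which script to try first. This is an added example, not code from the question or the answer; the function names, the hint patterns and the sample banners are constructed for illustration, and the initial TTL values (64, 128, 255) are common defaults assumed here, which an administrator can change.

```python
import re

# Common default initial TTLs (assumption: stock settings, which are configurable).
INITIAL_TTLS = {64: "unix-like", 128: "windows", 255: "network-device/other"}

# Banner substrings that name a platform (constructed, non-exhaustive hint list).
BANNER_HINTS = [
    (re.compile(r"Microsoft-IIS|OpenSSH_for_Windows|Microsoft FTP", re.I), "windows"),
    (re.compile(r"Ubuntu|Debian|CentOS|Red Hat|FreeBSD", re.I), "unix-like"),
]

def family_from_ttl(observed_ttl):
    """Round the observed TTL up to the nearest common initial value.

    Returns (family, estimated_hops), or (None, None) if out of range.
    """
    for initial in sorted(INITIAL_TTLS):
        if 0 < observed_ttl <= initial:
            return INITIAL_TTLS[initial], initial - observed_ttl
    return None, None

def family_from_banners(banners):
    """Return the first family named by any service banner, else None."""
    for banner in banners:
        for pattern, family in BANNER_HINTS:
            if pattern.search(banner):
                return family
    return None

def script_order(observed_ttl, banners=()):
    """Decide which script family to try first; the other stays as fallback."""
    banner_family = family_from_banners(banners)
    ttl_family, hops = family_from_ttl(observed_ttl)
    # A banner that names the platform outranks the TTL guess,
    # because the initial TTL is only a configurable default.
    family = banner_family or ttl_family
    first = "windows" if family == "windows" else "linux"
    second = "linux" if first == "windows" else "windows"
    conflict = bool(banner_family and ttl_family and banner_family != ttl_family)
    return {"family": family, "hops": hops,
            "order": [first, second], "conflict": conflict}

if __name__ == "__main__":
    # Constructed sample observations (not real hosts).
    print(script_order(117, ["Server: Microsoft-IIS/7.5"]))
    print(script_order(52, ["SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"]))
    print(script_order(60, ["SSH-2.0-OpenSSH_for_Windows_8.1"]))
```

The `conflict` flag marks hosts where the TTL bucket and a banner disagree, which is where keeping the fallback script matters most.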