CAPEC-315 - TCP/IP Fingerprinting Probes

An attacker engages in TCP stack fingerprinting techniques to determine the type and version of operating systems on the network. TCP Fingerprinting involves manipulating portions of the TCP header or other characteristics in order to elicit a unique and identifiable response from an operating system. This response is compared against a database of known operating system fingerprints and a guess about the operating system type and version is made.






  • Scopes 2
  • "Varies by context"
  • Confidentiality
  • Hide activities
  • Bypass protection mechanism
  • Authorization
  • Access_Control
  • Confidentiality

The ability to send and receive TCP segments from a target in order to identify a particular TCP stack implementation.