Telnet Fingerprinting

Network ServicesIn some cases we fail to find the real information regarding a host on the network. NMAP can be a good scanner but it also can fail to give us the real OS version. Passive fingerprinting is another good way but now a day changing the OS fingerprint is very common by network/system administrators,To solve this problem and find host finger print there is many ways but we can try the following:

Download telnetrecon and make sure that the telnet port is open (TCP23), after running the application we start the negotiation with the targeted machine so for example if the machine is Microsoft Windows XP it will respond as follow:


Those characters will be translated to their ASCII representation which is easier to analyze and compare them. This will generate the following fingerprint string:


3. Telnet specification can be found in RFC 854. Explanation response is described as follows:

255 – IAC data byte
253 – DO Code
37 – Authentication option (RFC 2941)
255 – and another IAC-byte
251 – Code WILL

This is a good approach for identifying a host remotely you can try it on your LAB.

make sure you subscribe to my RSS feed!