Directory
Active Fingerprinters
These products are designed to guestimate remote operating systems and sometimes even the patch level that the operating system is running on. Active fingerprinting tools rely on stimulus-response, where the source will send certain packets (stimulus) to the target, the target's response can be analyzed to identify the operating system, Different Operating Systems respond to the source packets in different ways, hence their ability to fingerprint different remote hosts reliably . See Also Passive fingerprinting tools. These perform a similar function but without stimulating the remote host, instead they rely on passing traffic.
Nmap
Visit the Product SiteNmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts ...
Amap
Visit the Product SiteAmap is a next-generation scanning tool, which identifies applications and services even if they are not listening on the default port by creating a bogus-communication and analyzing the responses.
Vmap not strictly an OS fingerprinter
Visit the Product SiteVmap stands for version mapper. It allows you to find out the version of a daemon by fingerprinting the features and replys of bogus commands. It's a great addition to the other *map tools.
Snacktime
Visit the Product SiteAs far as I can tell, measuring RTOs seems to be a pretty accurate and stealthy method for profiling networked devices, and Snacktime seems to be a pretty reasonable implementation. Furthermore, masking ones "normal" RTO can be difficult for some operatin ...