Passive OS Fingerprinting Prototype Demonstration

Operating system identification of communicating devices plays an important part in network protection. However, current networks are large and change often which implies the need for a system that will be able to continuously monitor the network and handle changes in identified operating systems. In this paper, we propose an architecture of an OS fingerprinting system based on passive network monitoring and a graph-based data model to store and present information about operating systems in the network. We implemented the proposed architecture and tested it on the backbone network of Masaryk University. Our results suggest that it is suitable for monitoring a large network with tens of thousands of actively communicating devices