Fingerprinting: identifies devices through ports and software versions

Álvaro Núñez. Security Researcher at Telefónica Digital, and lecturer in the Master's Degree in Online Cybersecurity at IMMUNE Technology Institute.

"Fingerprinting: identifying devices through ports and software versions", was the title of the webinar held a few days ago with the aim of learning about this technique used to identify and characterise systems and software versions. devices connected to a network. This is based on collecting different information about the system or device, and analysing the results in search of open ports, versions of running services, used protocols...

It would be possible to make different techniques based on the system to be explored, for example:

• Port scanning: is used to identify which ports of a system are open and accessible through the network. This technique is based on sending requests to different ports on the device and analysing the responses received.
• Version scanning: extends the port scan information to find out what type of service is behind it, as well as its version. With this information it is possible to search for known vulnerabilities in these service versions.
• Search for the operating system: It is also possible to find out which operating system is behind a machine. This can be done by analysing the services found using the techniques mentioned above, or by analysing network traffic and examining the protocols used.

Fingerprinting tools

The following techniques can be used to carry out these techniques tools known in the field of IT security. During the webinar, some well known ones were used, such as:

• Nmap: is a network scanner of open source very popular used to discover devices connected to a network, determine their IP addresses, open ports, running services and other details. It is compatible with a wide variety of operating systems, including Windows, Linux and macOS. It also has a graphical user interface (GUI) to enhance the visualisation of results. With Nmap it is possible to perform port scanning and versions, as well as the detection of the operating system in a simple and effective way.
• Wireshark: is a very popular open source network protocol analyser, compatible with various operating systems such as Windows, Linux and macoS. It is used to capture and analyse network traffic in real time, allowing users to view details of every packet travelling across a network. Among other features, Wireshark detects multiple network protocols and allows users to create filters to view only the packets they are interested in. It is a tool widely used by computer security professionals as well as network administrators and developers to detect network problems, debug applications and protocols, and to better understand how a network works. In addition, it is also used to analyse and detect security problemsWireshark can be used to detect and detect attacks such as denial of service (DoS) attacks, intrusions, and more. Wireshark has an easy-to-use graphical user interface (GUI), but can also be used at the command line.

It is important to mention that the fingerprinting should be done only with authorisation and only on internal networks for security purposes.

I hope you enjoy the webinar!

If you are interested in cybersecurityIf you are looking for training and you want to specialise in the sector, take a look at our Master's Degree in Cybersecurity Online or to the Cybersecurity Bootcamp y fill in the form for more information.