What is Footprinting?
Footprinting is basically the first step where hacker gathers as much information as possible to find ways to intrude into a target system or at least decide what type of attacks will be more suitable for the target.
Footprinting is a part of the reconnaissance process which is used for gathering possible information about a target computer system or network. Footprinting could be both passive and active. Reviewing a company’s website is an example of passive footprinting, whereas attempting to gain access to sensitive information through social engineering is an example of active information gathering.
What is Fingerprinting?
Fingerprinting, in ethical hacking, refers to any method that is used to determine the operating system that is being run on the target computer. Fingerprinting, much like Footprinting is both active and passive
Active Fingerprinting
Active fingerprinting is accomplished by sending specially crafted packets to a target machine and then noting down its response and analyzing the gathered information to determine the target OS. In the following section, we have given an example to explain how you can use NMAP tool to detect the OS of a target domain.
Passive Fingerprinting
Passive fingerprinting is based on sniffer traces from the remote system. Based on the sniffer traces (such as Wireshark) of the packets, you can determine the operating system of the remote host. Before attacking a system, it is required that you know what operating system is hosting a website. Once a target OS is known, then it becomes easy to determine which vulnerabilities might be present to exploit the target system. Fingerprinting is done by analyzing various factors of a packet
TTL ? What the operating system sets the Time-To-Live on the outbound packet.
Window Size ? What the operating system sets the Window Size at.
DF ? Does the operating system set the Don’t Fragment bit.
TOS ? Does the operating system set the Type of Service, and if so, at what.
By analyzing these factors of a packet, you may be able to determine the remote operating system. This method is not 100% accurate and works better for some operating systems than others.