Flow monitoring is a way of observing network activity without inspecting individual packets or their payload. This paper proposes a method to detect a specific operating system within a set of network flows. This is desirable because capturing individual packets, or inspecting the payload of all network traffic, is not feasible for a company or university network. An administrator may want to know which operating systems are in use on their network. Each operating system has its own update procedure, and this difference can be visible in network flows. The method is demonstrated by a proof of concept and validated using real flow data from the routers of the University of Twente.
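The abstract describes the idea of recognising an operating system from the flows its update procedure produces, without giving the signatures themselves. The following is an added example, not code from the paper, showing the shape such a flow-based detector can take: flow records are parsed from a constructed CSV export, each record is matched against a table of (destination network, destination port) update signatures, small flows are discarded, and a host is labelled only when enough matching flows accumulate. The signature table, the address blocks (RFC 5737 documentation ranges), the OS labels and the flow records are all constructed placeholders, not the paper's real signatures.

```python
"""Added example: infer the operating system of internal hosts from flow
records by matching the destination networks and ports of OS update traffic.

The signature table is an illustrative placeholder, not the paper's actual
signatures: the address blocks are RFC 5737 documentation ranges standing in
for the update infrastructure of three hypothetical OS families.
"""
import ipaddress
from collections import Counter, defaultdict

# Hypothetical signatures: (destination network, destination port) -> OS label.
UPDATE_SIGNATURES = [
    (ipaddress.ip_network("192.0.2.0/24"), 443, "OS-A"),
    (ipaddress.ip_network("198.51.100.0/25"), 80, "OS-B"),
    (ipaddress.ip_network("203.0.113.0/24"), 443, "OS-C"),
]

# Constructed flow export, one record per line:
# start_time,src_ip,dst_ip,proto,src_port,dst_port,packets,bytes
SAMPLE_FLOWS = """\
2024-01-01T08:00:01,10.1.1.5,192.0.2.10,6,51234,443,120,150000
2024-01-01T08:00:02,10.1.1.5,192.0.2.11,6,51235,443,80,90000
2024-01-01T08:00:03,10.1.1.5,8.8.8.8,17,51236,53,1,70
2024-01-01T08:01:00,10.1.1.7,198.51.100.20,6,40000,80,300,400000
2024-01-01T08:01:05,10.1.1.7,198.51.100.21,6,40001,80,15,2000
2024-01-01T08:01:09,10.1.1.7,192.0.2.5,6,40002,443,3,500
2024-01-01T08:02:00,10.1.1.9,203.0.113.3,6,33000,443,1,60
"""

MIN_FLOWS = 2      # require at least this many matching flows per host
MIN_BYTES = 1000   # ignore tiny flows (failed connections, single probes)


def parse_flows(text):
    """Parse the constructed CSV export into a list of dict records."""
    fields = ["start", "src", "dst", "proto", "sport", "dport", "packets", "bytes"]
    records = []
    for line in text.strip().splitlines():
        rec = dict(zip(fields, line.split(",")))
        for key in ("proto", "sport", "dport", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def match_signature(rec):
    """Return the OS label whose update signature this flow matches, else None."""
    dst = ipaddress.ip_address(rec["dst"])
    for net, port, label in UPDATE_SIGNATURES:
        if rec["dport"] == port and dst in net:
            return label
    return None


def infer_os(records):
    """Aggregate matching flows per source host; return {src_ip: (os_label, n_flows)}.

    Hosts with fewer than MIN_FLOWS qualifying flows are left unlabelled so that
    a single stray connection does not produce a verdict.
    """
    evidence = defaultdict(Counter)
    for rec in records:
        if rec["bytes"] < MIN_BYTES:
            continue
        label = match_signature(rec)
        if label:
            evidence[rec["src"]][label] += 1
    result = {}
    for src, counts in evidence.items():
        label, n = counts.most_common(1)[0]
        if n >= MIN_FLOWS:
            result[src] = (label, n)
    return result


if __name__ == "__main__":
    for host, (label, n) in sorted(infer_os(parse_flows(SAMPLE_FLOWS)).items()):
        print(f"{host}: {label} ({n} matching update flows)")
```

With the constructed input, 10.1.1.5 and 10.1.1.7 receive a label while 10.1.1.9 does not, because its only matching flow is below the byte threshold. Real deployments would replace the placeholder table with signatures learned from observed update traffic and would need to handle hosts behind NAT, which appear as one source address with mixed evidence.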