Abstract
Today, computer and network security is a big part of a system administrator’s life. New methods and applications appear, and several make the system administrator’s job easier.
Gathering information is a big part of detecting threats and staying one step ahead of the black hats.
This thesis investigates a specific area of network security,
namely passive operating system detection.
Information is important in network security, and knowing your enemies is important in securing your network.
Passive operating system detection helps collect information passively, which can be used to the administrator’s advantage.
The thesis looks at passive operating system detection applications, especially the applications p0f and prads.
By running both applications in a larger network and testing them in a
controlled environment, the weaknesses of both applications are revealed, and improvements are suggested and their implementation attempted.
The improvements discussed and attempted in this thesis are adding new signatures and creating Perl scripts that improve the applications themselves.
The scripts deal with the output from the applications, which tends to be overwhelming and needs new presentation methods.