Articles Written by Eric Kollmann. Email email@example.com with feedback
(September, 2007) - Another paper in the 'Chatter on the Wire' series. I hope to do more of these as time permits, and with less time between them. This one looks at what was started in the original paper about using DHCP packets to identify the OS passively. We go beyond the original though and have quite a few OS's fingerprints in the paper along with using some new options beyond options 55, 60 and all the options as a whole.
(November, 2010) - Another paper in the 'Chatter on the Wire' series. This paper looks at what has changed from DHCPv4 and how to passive fingeprrint via DHCPv6
(October, 2007) - Slide deck on our presentation for BH Japan. Info presented goes along with the data collected in the DHCP OS Fingerprinting paper above.
(August, 2005) - Paper I'm working on, based on what I've seen with DataDipper/Satori and other programs I've written over the years. Feedback and other info would be greatly appreciated. This also is in its infancy, want to turn it into much more than it is now, but figured I'd throw it out for feedback also. Paper looks at a wide range of Active and Passive approaches of OS identification of devices on the network.