An administrator has to determine host operating systems on the network and has deployed a transparent
proxy. Which of the following fingerprint types would this solution use?
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during
standard layer 4 network communications. The combination of parameters may then be used to infer the
remote machine’s operating system (aka, OS fingerprinting), or incorporated into a device fingerprint.
Certain parameters within the TCP protocol definition are left up to the implementation. Different operating
systems and different versions of the same operating system set different defaults for these values. By
collecting and examining these values, one may differentiate among various operating systems, and
implementations of TCP/IP. Just inspecting the Initial TTL and window size TCP/IP fields is often enough in
order to successfully identify an operating system, which eases the task of performing manual OS
Passive OS fingerprinting is the examination of a passively collected sample of packets from a host in order to
determine its operating system platform. It is called passive because it doesn’t involve communicating with the
host being examined.
In this question, the proxy will use passive fingerprinting because the proxy is a ‘transparent proxy’. It isn’t seen
by the computer.