TCP fingerprinting
Updated: 09/12/2023 by Computer Hope
TCP fingerprinting, also known as TCP stack fingerprinting, is the analysis of data fields in a TCP/IP packet to identify the various configuration attributes of a networked device. The information learned from a TCP fingerprint includes the type of device the packet originated from and the operating system it is running. Programs that perform TCP fingerprinting include the network tool nmap.
Packet fields commonly used in TCP fingerprinting
The following table lists each TCP (transmission control protocol) field name and size.
| Field name | Field size |
|---|---|
| Initial Packet Size | 16 bits |
| Initial TTL (time to live) | 8 bits |
| Window Size | 16 bits |
| Max Segment Size | 16 bits |
| Window Scaling Value | 8 bits |
| Don't Fragment Flag | 1 bit |
| SackOK Flag | 1 bit |
| NOP Flag | 1 bit |