You are here: Additional Resources > PVS Plugins > PVS Fingerprinting

PVS Fingerprinting

Tenable uses a hybrid approach to operating system fingerprinting. Primarily, plugins are used to detect and identify the OS of a host. If this is not possible, PVS uses detected packets to identify the OS.

PVS has the ability to guess the operating system of a host by looking at the packets it generates. Specific combinations of TCP packet entries, such as the window size and initial time-to-live (TTL) values, allow PVS to predict the operating system generating the traffic.

These unique TCP values are present when a server makes or responds to a TCP request. All TCP traffic is initiated with a “SYN” packet. If the server accepts the connection, it sends a response known as a “SYN-ACK” packet. If the server cannot or will not communicate, it sends a reset (RST) packet. When a server sends a “SYN” packet, PVS applies these list of operating system fingerprints and attempts to determine the operating system type.

Tenable Network Security has permission to re-distribute the passive operating fingerprints from the author of SinFP open source project.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.