TCP fingerprinting

Updated: 04/26/2017 by Computer Hope

TCP fingerprinting, also known as TCP stack fingerprinting, is the analysis of data fields in a TCP/IP packet to identify the various configuration attributes of a networked device. The information that can be learned from a TCP fingerprint includes the type of device the packet originated from and the operating system that it is running. Programs that can perform TCP fingerprinting include the network tool nmap.

Packet fields commonly used in TCP fingerprinting

Field Name Field Size
Initial Packet Size 16 bits
Initial TTL 8 bits
Window Size 16 bits
Max Segment Size 16 bits
Window Scaling Value 8 bits
Don't Fragment Flag 1 bit
SackOK Flag 1 bit
NOP Flag 1 bit

Network terms, Packet