The queso utility performs remote operating system detection by sending a malformed TCP packet and observing how a particular host responds to it. The name is a shorthand version of the Spanish phrase, “Que Sistema Operativo?,” which means “What is your operating system?” queso is used by the Internet Operating System Counter, a survey of operating system usage on the Internet (http://www.leb.net/hzo/ioscount/index.html ). queso can be used to monitor the network, looking for new hosts that may be candidates for backups. You might be wondering how queso does what it does. This is what the author of queso had to say about that:
How we can determine the remote OS using simple tcp packets? Well, it’s easy, they’re packets that don’t make any sense, so the RFCs don’t clearly state what to answer in these kind of situations. Facing this ambiguity, each TCP/IP stack takes a different approach to the problem, and this way, we get a different response. In some cases (like Linux, to name one) some programming mistakes make the OS detectable.
queso is available at http://www.apostols.org/projectz/queso.
Get Unix Backup and Recovery now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
