After identifying live systems in the target range and enumerating open ports on those systems, it is important to start gathering information about them and the services that are associated with the open ports. In this chapter, we will discuss different techniques used to fingerprint systems and services with Kali Linux. These techniques will include banner grabbing, service probe identification, operating system identification, SNMP information gathering, and firewall identification. Specific recipes in this chapter include the following:

• Banner grabbing with Netcat
• Banner grabbing with Python sockets
• Banner grabbing with DMitry
• Banner grabbing with Nmap NSE
• Banner grabbing with Amap
• Service identification with Nmap
• Service identification with Amap
• Operating system identification with Scapy
• Operating system identification with Nmap
• Operating system identification with xprobe2
• Passive operating system identification with p0f
• SNMP analysis with Onesixtyone
• SNMP analysis with SNMPwalk
• Firewall identification with Scapy
• Firewall identification with Nmap
• Firewall identification with Metasploit