Calin's Humble Scanner - User Guide

Operating System Mimic Tehnology

Description
Emulated fields
Exceptions

I have not seen nor heard about this before, for a network scanner, although the ideea may not be new ...

Description

Because the packets are constructed from scratch I had the opportunity, and the will, and the power, to build them as I want. This is why I have implemented the Operating System Mimic Technology. This technology provides some stealth capabilities.

As an example at a higher level, the ping utility/command that is implemented in all the operating systems that have network support sends ICMP Echo request packets with a different payload depending on the operating system that is implemented in and tool's version, although the result is almost the same.

Of course, when I have implemented the operating system mimic capabilities I have gone deep down until the Ethernet level.
Basically, the Operating System Mimic Tehnology means that the packets it sends emulates the comportament of various operating systems and/or their native tools (where is the case).

Currently it emulates the following:

Emulation is done considering the variation of various fields from the:

Which fields are emulated are presented in more details in the next section of this page.

Emulated fields

Without many explanation, here is a short, not quite complete, list of emulated fileds:

Many of these depends of the IP version and of the protocol so there are many values that must be taken into account.

Exceptions

Because of the implementation method used, there are some scan methods when Operating System Mimic Tehnology is not applied. These scan methods are:

These are builded using the Windows's API.

[ User Guide ]