OS Fingerprinting: How to force linux to be identified as windows
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
OS Fingerprinting: How to force linux to be identified as windows
Long story: I'm having problems with my internet connection. I have two systems installed on my box - Linux and Windows. When I'm running windows, my network connection speed is about 500 kb/s. When I'm on Linux or using a router, speed drops to 20 kb/s. I have never seen this kind of behaviour before. Maybe I'm wrong, but I suspect that my ISP does something strange with my connection depending on the OS I use.
To prove my theory I've installed Osfuscate on Windows and set it to act like Linux. Speed dropped from 500 kb/s to 150 kb/s. Next thing I'd like to do is to force Linux to be identified as Windows. I've found some settings:
Have you tried contacting your ISP about this? It sounds to me like you're not getting the service you're paying for, and you've got some evidence that the problem is in fact at their end. 20 kb/s is slower than my old dial-up Internet connection.
Yes, I wrote a message to ISP yesterday. But my provider really sucks - it's impossible to contact the administrator because it's weekend :/ Unfortunately changing ISP is not possible.
Anyway, I'd like to investigate a little bit on my own, to be perfectly sure, that my speed problem is not my fault. The question remains: How do I force Linux to be identified as Windows?
Dont think you can do it. Fingerprinting relies on subtle nuances in how the stack handles certain situations.
How are you measuring the bandwidth? Are you passively sniffing the entire line with a different machine or using a local bandwidth measuring tool on just the traffic you're expecting? Perhaps there is some other process that is using up the line (bit torrent, botnet, etc)
I dont understand the motivation an ISP would have to limit bandwidth based on an OS.
Block all ports then the ISP can't identify the OS at all. Browse through privoxy, which can be set to identify your system as whatever you choose.
Not true. There are techniques to passively identify an OS, especially if you're a MITM... and browsing through privoxy only allows you to sanitize higher layers. If the privoxy server is on the linux machine, then it's still going to be using the linux stack to forward the requests at the lower levels.
But then, it really depends on what (if they really are) criteria they are using to make the determination. Is it only http traffic that's slowing down? If yes, then privoxy just might be the answer. If it's everything, including VPN traffic, then certainly not.
Last edited by JulianTosh; 10-04-2009 at 08:07 AM.
I'll try to describe everything as clear as I can.
My internet connection works at full speed (500 kb/s) only in one situation - when cable is connected directly to my box and the OS is Windows. When the OS is Linux, speed drops to 20 kb/s. When I try to use router (I've checked Linksys WRT54GL with three different firmwares and D-Link DI-604) speed drops to 20 kb/s - no matter which OS I'm running. But there's one exception - ssh works at full speed, always.
I'm sure it's not some service or torrent choking my connection. I've checked 3 distros - Centos, Fedora and Debian (fresh installation). I measure speed in a very simple way - I'm downloading a file from ISP test page (with firefox) or file from server in my company (ftp or ssh).
In my opinion there's nothing wrong with my configuration - I've checked my computer and routers with different ISP, everything works fine. That's why I think that my ISP is choking my connection. Why? I have no idea. Maybe tommorow I'll get some answers.
Simon Bridge: I agree. There's no reason why download should depend on OS. But it's theoretically possible. And from my point of view, it is happening to me Please, correct me if my conclusions are wrong.
"I measure speed in a very simple way - I'm downloading a file from ISP test page (with firefox) or file from server in my company (ftp or ssh)"
Firefox gives OS identification. FTP client as well.
First of all, when next time you will check speed under windows, try to find out how many connection your browser or ftp client opens to server. It can be more then one, and then compare with linux.
I use OpenSuse, and I do it because under linux internet works much, much better then under windows.
What I think, that it is may be default tcp/ip configuration or other default network configuration.
All linux's distributions have different default configurations, so you have to read about it on their web sites.
500 kb/s = 62 KB/s - it is not big speed.
Check ethernet card settings - full/half duplex, negotiation ...
nimnull22: I've checked several distros including livecd's (redhat based, debian based). And saying kb/s i meant kilobytes/s - my mistake.
Anyway, today my ISP is sending his worker to fix the problem.
Ok, the situation looks like this. Yesterday technician came to fix my issue. He checked my configuration then phoned the administrator. He was told, that the cable is the source of the problem. And only Windows can handle this kind of crossover cable. He also said something about gigabit ethernet cards. I don't know the details - I haven't spoken to administrator directly and I didn't have time to ask to many questions.
For me it all looks a bit weird, but I'm no guru. Now I'm waiting for someone to replace the cable - to the one, that will be linux-compatible
They confuse you. Linux much flexible then windows. If you connect you comp, there should not be crossover ehternet cable, which normally uses only between routers or switches. It may be some problems with configuration ethernet cards (your comp. and port in their router), but in linux by default everything should be in "auto". You can manually set it to use 100BaseT: ETHTOOL_OPTIONS='speed 100 duplex full autoneg on wol d' (add it to ifcfg_ethX).
miracle! yesterday everything started to work, without replacing cable or any configuration change on my side. i guess my isp found the source of the problem somewhere else, but he didn't bother to let me know what was it. anyway, i'm glad i finally have my net fixed. and thank you all for your help.