Improving accuracy of applications fingerprinting on local networks using NMAP-AMAP-ETTERCAP as a hybrid framework

The process of detecting running software on remote hosts, is generally known as fingerprinting. Fingerprinting process is performed as step before the attack stage on the remote host. There are two types of fingerprinting; active and passive fingerprinting. However, each type encountered limitation when implemented separately in networks, and their inability to provide accurate information about the host services/applications. The main objective of this paper is to propose possibility of enhancing the detection process of the host profiling, applications/ services fingerprinting and the methods of host identification. Herein, we perform network host profiling by identifying different services/ applications that were running on the host. More so, we exploit sophisticated process of application layer protocol payloads by active and passive fingerprinting tools. Besides, we attempt to add a layer of correctness into these tool results, by building a new database of signatures which is derived from these results. The new signature database can be tested either exactly or through approximate fuzzy matching. The experiment results give a better accurate output compare to the base tools alone.