Hello, I have a pcap file and I'm trying to figure out a way to determine the operating system used by the client system. I think from the data it is a Dell machine running a Microsoft operating system, but I'm not sure which (2000, XP, Vista, Windows 7, etc.).
Also, how do I determine the client’s IP address and MAC address?
asked 29 Jan '11, 09:57
Try to find an HTTP request if you can; those usually have OS information fields in their headers like this:
This one would be from a Windows XP machine, because "Windows NT 5.1" is Windows XP, while "5.0" would be Windows 2000, "6.0" is Vista, "6.1" is Windows 7.
Regarding client IP and MAC: this might be a bit more difficult to determine depending on where the capture was taken - you might not be able to see the MAC address at all if it is hidden behind a router. Usually the client is the one where the connection is established from, so look for which machine has the most SYN packets sent out by filtering on
answered 30 Jan '11, 05:34
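The two checks from the answer above (the "Windows NT" token in an HTTP User-Agent, and which host sends the most SYN packets) can be scripted; this is an added example, not part of the original answer. It assumes a classic little-endian pcap with Ethernet framing, and the function names, addresses and User-Agent string in the sample are constructed for illustration.

```python
import re
import struct
from collections import Counter

NT_VERSIONS = {"5.0": "Windows 2000", "5.1": "Windows XP",   # mapping from the answer above
               "6.0": "Windows Vista", "6.1": "Windows 7"}

def os_from_user_agent(ua):
    """Map a User-Agent's 'Windows NT x.y' token to a release name, else None."""
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    return NT_VERSIONS.get(m.group(1)) if m else None

def analyse(pcap):
    """Classic little-endian pcap -> (SYN-only count per (ip, mac), {ip: OS})."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian classic pcap")
    syns, oses, off = Counter(), {}, 24          # 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                             # keep IPv4 + TCP only
        tcp = 14 + (frame[14] & 0x0F) * 4        # start of the TCP header
        if len(frame) < tcp + 20:
            continue
        # The source MAC is the client's only if captured on its own segment.
        src = (".".join(map(str, frame[26:30])), frame[6:12].hex(":"))
        flags = frame[tcp + 13]
        if flags & 0x02 and not flags & 0x10:    # SYN set, ACK clear
            syns[src] += 1
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        m = re.search(rb"User-Agent: ([^\r\n]+)", payload)
        name = os_from_user_agent(m.group(1).decode("latin-1")) if m else None
        if name:
            oses[src[0]] = name
    return syns, oses

def build_sample():
    """Constructed capture: the client sends two SYNs and one HTTP GET."""
    c, s = ("02000000000a", "192.0.2.10"), ("020000000050", "192.0.2.80")
    ua = b"GET / HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n\r\n"
    def frame(src, dst, flags, data=b""):        # checksums left at zero
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                         *(bytes(map(int, h[1].split("."))) for h in (src, dst)))
        tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, flags, 8192, 0, 0)
        return bytes.fromhex(dst[0] + src[0]) + b"\x08\x00" + ip + tcp + data
    frames = [frame(c, s, 0x02), frame(s, c, 0x12), frame(c, s, 0x18, ua), frame(c, s, 0x02)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Calling `analyse(build_sample())` returns the SYN counter and the per-IP OS guess; for a real capture, pass the file's bytes instead of the constructed sample.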