This paper focuses on operating system discovery (OSD), the process of recognizing which operating system a host is running from its network traffic. The authors classify existing methods and tools into two broad categories, active (probing the host) and passive (observing its traffic), and then demonstrate that their hybrid approach, which combines active and passive methods, is far more successful than other tools. This good news makes the paper a worthwhile read; however, there is a caveat.
The OSs the authors test against are old, even obsolete (including Mac OS X, SunOS, Berkeley Software Distribution (BSD) variants, and Windows XP). However, the devices that give those in information technology (IT) the most headaches these days, the ones that truly need to be recognized on the fly, are mobile systems running iOS and Android/Linux stacks. IT managers know where their old Unix and Windows boxes live; it is the newer OSs that are transiently and surreptitiously joining corporate networks. While the authors' software is available for download, it is not yet a useful tool for the average data center manager.
Additionally, while the paper's stated topic is OSD, the real concern seems to be the application of diagnosis theory. That is, OSD is simply a convenient topic for exercising diagnosis theories and a good excuse for exploring diagnosis algorithms further; it is not the researchers' prime interest. This emphasis on diagnosis rather than OSD means that there is no real desire or urgency to chase new devices or finish an OSD tool, which leaves us waiting for someone else to commercialize their ideas.