Difference between pages "TCP timestamps" and "Google Desktop Search"

From ForensicsWiki
(Difference between pages)
(New page: '''TCP timestamps''' are used to provide protection against wrapped sequence numbers. It is possible to calculate system uptime (and boot time) by analyzing TCP timestamps (see below). Th...)
 
 
Line 1: Line 1:
'''TCP timestamps''' are used to provide protection against wrapped sequence numbers. It is possible to calculate system uptime (and boot time) by analyzing TCP timestamps (see below).
+
{{Expand}}
 +
Google Desktop Search is an application for both [[Windows]] and [[Mac OS X]] that allows the user to index and then search their local hard drives. These applications integrate with other Google tools such as searching the web and [[Gmail]].  
  
These calculated uptimes (and boot times) can help in detecting hidden network-enabled operating systems (see [[TrueCrypt]]), linking spoofed [[IP]] and [[MAC]] addresses together, linking [[IP]] addresses with Ad-Hoc wireless APs, etc.
+
By default, the Mac version caches content that can be recovered even after the original has been deleted.
  
== Supported Operating Systems ==
+
Google Desktop will be discontinued as of September 14 2011 [http://googleblog.blogspot.com/2011/09/fall-spring-clean.html]
  
* BSD/OS
+
== See Also ==
* [[FreeBSD]], but not the default configuration in versions 3 to 4.3
+
* HP-UX, recent versions
+
* IRIX
+
* [[Linux]], kernel 2.1 and later
+
* NetApp NetCache
+
* Solaris 2.6 and later
+
* [[Windows]] 2000, 2003, XP and Vista
+
  
== Limitations ==
+
[[Windows Desktop Search]]
  
Some operating systems do not send TCP timestamps unless incoming TCP SYN packets will have this option enabled.
+
== External Links ==
  
== Method ==
+
* [http://desktop.google.com/ Official website]
 +
* [http://en.wikipedia.org/wiki/Google_Desktop Wikipedia entry on Google Desktop]
 +
* [http://en.wikipedia.org/wiki/List_of_search_engines#Desktop_search_engines Wikipedia list of Desktop search engines]
  
* Find all TCP packets with timestamp option (in [[Wireshark]] use following display filter: ''tcp.options.time_stamp'');
+
[[Category:Desktop Search]]
* Calculate target's clock frequency (e.g. 100 Hz or 1000 Hz) by analyzing two (or more) TCP timestamps in a certain period of time;
+
* Use this frequency to calculate uptime.
+
 
+
Following tools can automate this process:
+
* [[Nmap]] (only active scan)
+
 
+
== Links ==
+
* [http://rfc.net/rfc1323.html RFC 1323]
+
* http://uptime.netcraft.com/
+
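Review bot: The added sentence "By default, the Mac version caches content that can be recovered even after the original has been deleted" names neither where the cache is stored nor a source for the behaviour, which is the detail an examiner needs to verify and use it; add the cache location and a reference, which would also go some way toward resolving the {{Expand}} tag. The added line "Google Desktop will be discontinued as of September 14 2011" is still in the future tense in a revision dated 9 June 2014 and ends in a bare, unlabelled external link; consider the past tense and a labelled link. The TCP timestamps sections on the left side (Supported Operating Systems, Limitations, Method) have no counterpart on the right, so this comparison is between two unrelated pages and not a revision of one.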

Latest revision as of 01:49, 9 June 2014

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Google Desktop Search is an application for both Windows and Mac OS X that allows the user to index and then search their local hard drives. These applications integrate with other Google tools such as searching the web and Gmail.

By default, the Mac version caches content that can be recovered even after the original has been deleted.

Google Desktop will be discontinued as of September 14 2011 [1]

See Also

Windows Desktop Search

External Links