If you're testing your network or learning ethical reconnaissance, it's often useful to identify what kind of devices are connected to your local network. Rather than just checking if a device is alive, you can actually fingerprint its OS and services using open ports and protocol behaviors.
This guide shows how to write a Python script that:
- Estimates OS via ICMP TTL
- Retrieves TCP banners from open ports
- Parses HTTP headers and title
- Extracts SMB OS info (for Windows machines)
- Resolves hostname

All in one go.
Install the required Python libraries:

```
pip install scapy requests impacket
```
Python Code: Fingerprint a Target by IP
```python
import socket

import requests
from impacket.smbconnection import SMBConnection
from scapy.all import ICMP, IP, sr1


def get_os_from_ttl(ip):
    """Guess the OS family from the TTL of an ICMP echo reply."""
    # Sending raw ICMP packets with Scapy requires root/administrator rights.
    try:
        pkt = IP(dst=ip) / ICMP()
        resp = sr1(pkt, timeout=1, verbose=0)
        if resp:
            ttl = resp.ttl
            # Test the highest threshold first so every branch is reachable.
            if ttl >= 250:
                return f"Router/IoT (TTL={ttl})"
            elif ttl >= 120:
                return f"Windows (TTL={ttl})"
            elif ttl >= 60:
                return f"Linux/Unix (TTL={ttl})"
            else:
                return f"Unknown OS (TTL={ttl})"
        else:
            return "No response"
    except Exception as e:
        return f"Error: {e}"


def grab_banner(ip, port):
    """Connect to a TCP port and read whatever the service sends first."""
    # Services that wait for the client to speak first (HTTP, SMB) send
    # nothing here, so the read times out for them.
    try:
        with socket.socket() as s:
            s.settimeout(2)
            s.connect((ip, port))
            banner = s.recv(1024).decode(errors='ignore').strip()
            return banner if banner else "Empty response"
    except Exception as e:
        return f"Timeout/Error: {e}"


def http_fingerprint(ip):
    """Fetch the root page over plain HTTP and return status, Server header and title."""
    try:
        resp = requests.get(f"http://{ip}", timeout=2)
        title = ""
        if "<title>" in resp.text:
            title = resp.text.split("<title>")[1].split("</title>")[0]
        return {
            "status_code": resp.status_code,
            "server": resp.headers.get("Server", "Unknown"),
            "title": title
        }
    except Exception as e:
        return {"error": str(e)}


def get_smb_info(ip):
    """Read the OS string the SMB server reports during session setup."""
    try:
        conn = SMBConnection(ip, ip, timeout=2)
        conn.login('', '')  # Anonymous
        return conn.getServerOS()
    except Exception as e:
        return f"SMB error: {e}"


def get_hostname(ip):
    """Reverse DNS lookup; returns "Unknown" when no PTR record resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return "Unknown"


def scan_target(ip):
    """Run every check against one IP and print the results."""
    print(f"=== Scanning target: {ip} ===\n")
    print("[*] Hostname:", get_hostname(ip))
    print("[*] OS Guess via TTL:", get_os_from_ttl(ip))
    print("\n[*] Banner Grabbing:")
    for port in [22, 445, 80]:
        banner = grab_banner(ip, port)
        print(f" - Port {port}: {banner}")
    print("\n[*] HTTP Fingerprint:")
    http_info = http_fingerprint(ip)
    for key, value in http_info.items():
        print(f" {key}: {value}")
    print("\n[*] SMB OS Info (port 445):")
    print(get_smb_info(ip))


if __name__ == "__main__":
    target_ip = input("Enter target IP: ").strip()
    scan_target(target_ip)
```
Explanation of Key Techniques
Technique | Purpose |
---|---|
ICMP TTL | Estimate OS family (Windows/Linux/IoT) |
TCP Banner Grabbing | Read responses from open ports |
HTTP Header Parsing | Get web server type & title |
SMB OS Retrieval | Read OS version from Windows shares |
Reverse DNS Lookup | Try to resolve hostname |
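
The TTL row deserves a closer look: every router on the path lowers the TTL by one, so fixed thresholds drift once the target is more than a few hops away. The following is an added example, not part of the original script. It rounds the received TTL up to the nearest conventional initial value and cross-checks the guess against a banner; the function names, the keyword table and the sample observations are assumptions made for illustration.

```python
# Added example: hop-aware TTL guess, cross-checked against a service banner.
# Conventional default initial TTLs; real hosts can be configured differently.
INITIAL_TTLS = {64: "Linux/Unix", 128: "Windows", 255: "Router/IoT"}

# Hypothetical keyword hints for banners or HTTP Server headers, checked in order.
BANNER_HINTS = [
    ("openssh_for_windows", "Windows"),
    ("microsoft-iis", "Windows"),
    ("ubuntu", "Linux/Unix"),
    ("debian", "Linux/Unix"),
]

def infer_from_ttl(observed_ttl):
    """Return (assumed_initial_ttl, hops_away, os_family) for a received TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    # Round up to the nearest default; the difference is the hop count.
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl, INITIAL_TTLS[initial]

def family_from_banner(banner):
    """Return the OS family a banner hints at, or None if nothing matches."""
    lowered = banner.lower()
    for keyword, family in BANNER_HINTS:
        if keyword in lowered:
            return family
    return None

def combine(observed_ttl, banner):
    """Merge both signals; a disagreement is reported rather than hidden."""
    initial, hops, ttl_family = infer_from_ttl(observed_ttl)
    banner_family = family_from_banner(banner)
    if banner_family is None:
        verdict = "ttl-only"
    elif banner_family == ttl_family:
        verdict = "corroborated"
    else:
        verdict = "conflict"
    return {"ttl_family": ttl_family, "banner_family": banner_family,
            "hops": hops, "verdict": verdict}

if __name__ == "__main__":
    # Constructed sample observations: (received TTL, banner text).
    samples = [(57, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6"),
               (128, "SSH-2.0-OpenSSH_for_Windows_8.1"),
               (63, "Microsoft-IIS/10.0"),
               (254, "")]
    for ttl, banner in samples:
        print(ttl, repr(banner), combine(ttl, banner))
```

A "conflict" verdict is worth a manual look: it can mean a changed default TTL, a reverse proxy or NAT device answering for the real host, or an edited banner.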
Sample Output
Asset discovery in LAN
Ethical hacking training labs
Detecting rogue devices
Monitoring OS diversity in internal networks
Legal Notice:
This script is provided strictly for educational and authorized security testing.
Do not use it to probe or fingerprint devices or networks you do not have explicit permission to analyze.
Unauthorized scanning can be illegal and may result in legal penalties.
Always test ethically and within your local laws and guidelines.