Fingerprinting identifies OS types, service versions, and application software — active (probing responses) or passive (analyzing traffic patterns). Enables targeted exploits.
OS fingerprinting (Nmap -O) uses TCP/IP stack behavior differences. Service version fingerprinting (Nmap -sV) reads banners. Passive fingerprinting (p0f) analyzes existing traffic. Defense: suppress banners, customize TCP/IP stack behavior.