p0f = Passive OS Fingerprinting
p0f can identify operating systems from their TCP fingerprints passively. It sniffs and analyzes TCP packets, so whether we connect somewhere or someone else connects to us, it listens to the traffic without generating any of its own. It can detect OSes in the following ways:
- SYN mode (who connects to us) - this is the default
- SYN+ACK mode - where we connect to
- RST+ mode - where we can't connect
- those whose traffic we see
The default fingerprint database can be found in the /etc/p0f/ folder.
Examples:
root@bt:~# p0f -h <- help
root@bt:~# p0f -i eth1 <- listen on eth1 interface
root@bt:~# p0f -i eth1 -A <- SYN ACK mode
root@bt:~# p0f -i eth1 -A -l -t <- one line output and timestamp
For me it didn't really work out, no matter what I visited.
Official website: http://lcamtuf.coredump.cx/p0f.shtml
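To show which header fields the SYN-based fingerprinting described above relies on, here is an added Python example (not p0f's own code or signature parser): it decodes a constructed IPv4+TCP SYN into a p0f v2-style window:ttl:df:size:options string and maps the TCP flags to the mode (SYN, SYN+ACK, RST+) that would consume the packet. The signature layout and the mode mapping are my approximation of p0f's behaviour, and the sample packet is constructed, not captured.

```python
import struct

# Added example (not p0f's own code): decode the fields a passive fingerprinter
# reads from a TCP SYN into a p0f-v2-style "window:ttl:df:size:options" string.
def parse_tcp_options(raw):
    """Return option tokens in wire order, e.g. ['M1460', 'N', 'W6', 'T', 'S', 'E']."""
    tokens, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                                   # EOL terminates the list
            return tokens + ["E"]
        length = 1 if kind == 1 else (raw[i + 1] if i + 1 < len(raw) else 0)  # NOP has no length
        if length < 2 and kind != 1 or i + length > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        body = raw[i + 2:i + length]
        if kind == 1:
            tokens.append("N")
        elif kind == 2:                                 # MSS value is part of the signature
            tokens.append("M%d" % struct.unpack("!H", body)[0])
        elif kind == 3:                                 # window scale shift count
            tokens.append("W%d" % body[0])
        else:                                           # S = SACK permitted, T = timestamp
            tokens.append({4: "S", 8: "T"}.get(kind, "?%d" % kind))
        i += length
    return tokens

def classify_mode(flags):
    """p0f mode that would consume a packet with these TCP flags (SYN=0x02, RST=0x04, ACK=0x10)."""
    if flags & 0x04:
        return "RST+"                                   # host we cannot connect to
    if flags & 0x02:
        return "SYN+ACK" if flags & 0x10 else "SYN"     # -A mode vs. the default mode
    return None

def syn_signature(packet):
    """p0f-v2-style 'window:ttl:df:size:options' for a raw IPv4+TCP packet (no link layer)."""
    total_len, = struct.unpack("!H", packet[2:4])
    ttl, df = packet[8], (packet[6] >> 6) & 1           # initial TTL and the DF bit
    tcp = packet[(packet[0] & 0x0F) * 4:]               # skip IHL*4 bytes of IP header
    data_off = (tcp[12] >> 4) * 4
    window, = struct.unpack("!H", tcp[14:16])
    options = ",".join(parse_tcp_options(tcp[20:data_off]))
    return {"mode": classify_mode(tcp[13]),
            "signature": "%d:%d:%d:%d:%s" % (window, ttl, df, total_len, options)}

# Constructed sample (not a capture): DF set, TTL 64, window 65535, 24 bytes of options.
SAMPLE_SYN = bytes.fromhex(
    "4500004000014000400600000a000001c0a80001"           # IPv4 header, total length 64
    "c00000500000000100000000b002ffff00000000"           # TCP header, data offset 11, SYN
    "020405b4010303060101080a000000010000000004020000")  # MSS,NOP,WS,NOP,NOP,TS,SACK,EOL,pad
```

Feeding captured packets in (for example from a pcap, stripped of the Ethernet header) yields the same kind of signature string that p0f compares against its fingerprint database.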