different database files than the earlier one / pf / tcpdump), ok giovanni@
P0f is a tool that utilizes an array of sophisticated, purely passive
traffic fingerprinting mechanisms to identify the players behind any
incidental TCP/IP communications (often as little as a single normal SYN)
without interfering in any way. Version 3 is a complete rewrite of the
original codebase, incorporating a significant number of improvements to
network-level fingerprinting, and introducing the ability to reason about
application-level payloads (e.g., HTTP).

The tool can be operated in the foreground or as a daemon, and offers a
simple real-time API (via unix domain sockets) for third-party components
that wish to obtain additional information about the actors they are
talking to.