blob: 06513f1b453b5ed38bd97037c908bde5063dd5db (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
Passive OS fingerprinting is based on information coming from a remote host
when it establishes a connection to our system. Captured packets contain
enough information to identify the operating system. In contrast to active
scanners such as nmap and QueSO, p0f does not send anything to the host
being identified.
For more information, refer to Lance Spitzner's old paper about passive OS
fingerprinting: http://old.honeynet.org/papers/finger/.
Use of this program requires read access to the packet filtering device,
typically /dev/bpf0. Granting such access allows the users who have it to
put your Ethernet device into promiscuous mode and sniff your network.
Running p0f with no options will cause it to analyze packets intended for
other hosts.
WWW: http://lcamtuf.coredump.cx/p0f3/
|
