P0f
   HOME

TheInfoList



Click Here for Items Related To - P0f
OR:
P0f on:   [Wikipedia]   [Google]   [Amazon]

p0f is a passive
TCP/IP stack fingerprinting TCP/IP stack fingerprinting is the remote detection of the characteristics of a TCP/IP stack implementation. The combination of parameters may then be used to infer the remote machine's operating system (aka, OS fingerprinting), or incorporated ...
tool. p0f can attempt to identify the system running on machines that send network traffic to the box it is running on, or to a machine that shares a medium with the machine it is running on. p0f can also assist in analysing other aspects of the remote system.


Overview

By inspecting network traffic passively, p0f can attempt to identify the operating systems on remote machines that send TCP packets to the detecting machine's network interface, or to a physical subnet that the detecting machine can listen on. Since version 3, p0f is also able to deduce aspects of the remote system by inspecting application-level HTTP messages. p0f can also check for firewall presence. It can estimate the distance to a remote system and calculate its uptime. It also guesses the remote system's means of connecting to the network (DSL, OC3, etc.). Unlike tools like
nmap Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym ''Fyodor Vaskovich''). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap pro ...
, p0f does not generate traffic. Instead, it determines the operating system of the remote host by analyzing certain fields in the captured packets. This can have benefits in environments where actively creating network traffic would cause unhelpful side effects. In particular, the remote system will not be able to detect the packet capture and inspection.


Usage

Signatures used for packet inspection are stored in a simple text file. This allows them to be modified without recompiling p0f. The user is allowed to use a different fingerprinting file by selecting another one at
run time Runtime, run-time, or run time may refer to: Computing *Runtime (program lifecycle phase), the period during which a computer program is executing * Runtime library, a program library designed to implement functions built into a programming langua ...
. p0f does not use a graphical user interface: it is run from the
command line A command-line interface (CLI) is a means of interacting with software via command (computing), commands each formatted as a line of text. Command-line interfaces emerged in the mid-1960s, on computer terminals, as an interactive and more user ...
prompt.


References


External links

* {{official website, https://lcamtuf.coredump.cx/p0f3/ Internet protocols Unix security software