P0f v2 is a versatile passive OS fingerprinting tool to an attacker to determine an operating system on:
machines that connect to your box (SYN)P0f can also do many other tricks, and can detect or measure the following:
machines you connect to (SYN/ACK)
machines you cannot connect to (RST)
machines whose communications you can observe (MiTM?)
firewall presence, NAT use (useful for policy enforcement)
existence of a load balancer setup
the distance to the remote system and its uptime
target's network hookup (DSL, OC3, avian carriers) and its ISP
All this can be performed even when the device in question is behind an overzealous firewall or packet filters, when our usual active scanner such as nmap can't do much. P0f does not generate ANY additional network traffic, direct or indirect. No name lookups, no mysterious probes, no ARIN queries, nothing.
Download p0f here:
p0f 2.0.8
A windows port of p0f can be found here:
p0f 2.0.4 Windows Port
And you can find out more about p0f here.
Posts
0 comments:
Post a Comment