Section: User Commands (1)Index
p0f - identify remote systems passively
SYNOPSISp0f[ -f file ] [ -i device ] [ -o file ] [ -s file ] [ -vKUtq ] [ 'filter rule' ]
This manual page briefly documents thep0f
p0fuses a fingerprinting technique based on information comingfrom remote host when it tries to establish a connection to your system.Captured packet parameters contain enough information to determineremote OS - and, unlike active scanners (nmap, queSO) - this is donewithout sending anything to this host.
In short, there are certain TCP/IP flag settings specific for given systems.Usually initial TTL (8 bits), window size (16 bits), maximum segment size(16 bits), don't fragment flag (1 bit), sackOK option (1 bit), nop option(1 bit), window scaling option (8 bits), initial packet size (16 bits)vary from one TCP stack implementation to another, and, combined together,give unique, 67-bit signature for every system.
- -f file
- read fingerprint information from file
- -i device
- read packets from device
- -s file
- read packets from file
- -o file
- write output to file (best with -vt)
- verbose mode
- do not display unknown signatures
- do not display known signatures
- add timestamps
- quiet mode - do not display banners
- -m file
- send output to mysql server in 'file'
- -g file
- insert fprints from 'file' into sql (must be used with -m)
- default Operating System fingerprint file
was written by Michal Zalewski <lcamtufAATTcoredump.cx>. This man page was written by William Stearns <wstearnsAATTpobox.com>
This document was created byman2html,using the manual pages.