Diffstat (limited to 'network/p0f/README')
-rw-r--r-- | network/p0f/README | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/network/p0f/README b/network/p0f/README index 4f31089bf4142..6d725b92cf6b3 100644 --- a/network/p0f/README +++ b/network/p0f/README @@ -1,12 +1,15 @@ -p0f v2 is a passive operating system fingerprinting tool. -It can identify the OS on: - - machines that connect to your box (SYN mode), - - machines you connect to (SYN+ACK mode), - - machines you cannot connect to (RST+ mode), - - machines whose communications you can observe. +P0f is a tool that utilizes an array of sophisticated, purely passive +traffic fingerprinting mechanisms to identify the players behind any +incidental TCP/IP communications (often as little as a single normal SYN) +without interfering in any way. Version 3 is a complete rewrite of the +original codebase, incorporating a significant number of improvements +to network-level fingerprinting, and introducing the ability to reason +about application-level payloads (e.g., HTTP). -P0f can also detect or measure the following: - - firewall presence, NAT use, - - existence of a load balancer setup, - - the distance to the remote system and its uptime, - - other guy's network hookup (DSL, OC3, avian carriers) and his ISP. +To build and install the optional signature and API tools, specify +TOOLS=yes to the SlackBuild, for example + + TOOLS=yes sh p0f.SlackBuild + +If you are upgrading from p0f version 2.0.8, please note that the files +/etc/p0f/p0f{a,o,r}.fp are no longer used and can be removed. |
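Review bot: the upgrade note in the last two added lines names only /etc/p0f/p0f{a,o,r}.fp as obsolete and does not say what happens to an existing /etc/p0f/p0f.fp left over from 2.0.8. Someone upgrading needs to know whether that file is overwritten, kept, or has to be replaced by hand, so add a sentence saying which signature file version 3 reads and whether the old one is still usable. The brace form is also easy to misread as a literal filename, so consider spelling out p0fa.fp, p0fo.fp and p0fr.fp. In the TOOLS=yes paragraph, "optional signature and API tools" does not say what gets installed or where; naming the extra binaries would let an administrator decide whether they belong on a sensor host before enabling the flag.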