Addition of p0f to OpenBSD’s pf
Posted by creining | Filed under Security
OpenBSD has added p0f, a passive operating system fingerprinter, to its packet filter, pf. This is really neat! I have used p0f here and there doing analysis of pcaps, in deploying honeynets, and in gathering data about hosts with IDS systems, and have been impressed by its accuracy. The addition of p0f also adds a -o flag to tcpdump so initial SYNs can be tied to a particular OS.