p0f is a versatile passive OS fingerprinting tool. p0f can identify the system on machines that connect to your box, machines you connect to, and even machines that merely go through or near your box, even if the device is behind a packet firewall. p0f will also detect what the remote system is hooked up to (be it Ethernet, DSL, OC3), how far away it is located, and what its uptime is. The latest beta can also detect masquerade or illegal network hook-ups (useful for ISPs and corporate networks). p0f can detect certain types of packet filters and NAT setups, and sometimes can determine the name of the other guy's ISP.

It's still passive: it does not generate any network traffic. No name lookups, no traffic to the victim, no ARIN queries, no traceroute.

== Features ==

p0f can identify the system on:

* machines that connect to your box (SYN mode)
* machines you connect to (SYN+ACK mode)
* machines you cannot connect to (RST+ mode)
* machines that talk through or near your box

But checking the system is not all p0f can do; p0f will also check the following:

* masquerading and firewall presence (useful for policy enforcement)
* the distance to the remote system and its uptime
* the other guy's network hookup (DSL, OC3, etc.) and his ISP

〔Jon Mark Allen, OS and Application Fingerprinting Techniques〕
〔http://lcamtuf.coredump.cx/p0f.shtml〕

Excerpt source: Wikipedia, the free encyclopedia.
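As an added illustration (not p0f's own code and not part of the original article), the sketch below parses the header fields a passive tool can read from one observed SYN (SYN mode) and derives the distance estimate from the TTL and a rough uptime from the TCP timestamp. The packet bytes, the list of common initial TTLs, the 100 Hz timestamp rate and the option labels are assumptions of this example.

```python
import struct

# Constructed sample (not captured traffic): IPv4 + TCP SYN between documentation addresses.
SAMPLE_SYN = bytes.fromhex(
    "4500003c" "1c464000" "35060000" "c0000201" "c6336407"   # IPv4: DF set, TTL 53, TCP
    "c3500050" "00000001" "00000000" "a0027210" "00000000"   # TCP: SYN, window 29200
    "020405b4" "0402080a" "075bcd15" "00000000" "01030307"   # MSS, SACK-ok, TS, NOP, WScale
)
OPTION_NAMES = {1: "nop", 2: "mss", 3: "wscale", 4: "sack_ok", 8: "ts"}  # example labels
COMMON_INITIAL_TTLS = (32, 64, 128, 255)  # heuristic assumption, not a p0f table
ASSUMED_HZ = 100  # assumed timestamp tick rate; real senders vary and may randomize


def parse_syn(pkt: bytes) -> dict:
    """Extract the fields a passive fingerprinter reads from one observed SYN."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    tcp = pkt[(pkt[0] & 0x0F) * 4:]
    if pkt[9] != 6 or len(tcp) < 20 or tcp[13] & 0x12 != 0x02:
        raise ValueError("not a TCP SYN")
    ttl = pkt[8]
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= ttl)  # guess sender's start TTL
    info = {"ttl": ttl, "distance": initial - ttl, "df": bool(pkt[6] & 0x40),
            "window": struct.unpack("!H", tcp[14:16])[0], "layout": []}
    opts, i = tcp[20:(tcp[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:       # EOL (kind 0) ends the option list
        kind = opts[i]
        size = 1 if kind == 1 else (opts[i + 1] if i + 1 < len(opts) else 0)
        if (kind != 1 and size < 2) or i + size > len(opts):
            info["layout"].append("malformed")  # stop rather than read past the header
            break
        body = opts[i + 2:i + size]
        info["layout"].append(OPTION_NAMES.get(kind, f"?{kind}"))
        if kind == 2 and len(body) == 2:
            info["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and len(body) == 1:
            info["wscale"] = body[0]
        elif kind == 8 and len(body) == 8:
            info["tsval"] = struct.unpack("!I", body[:4])[0]
            info["uptime_days"] = info["tsval"] / ASSUMED_HZ / 86400
        i += size
    return info


if __name__ == "__main__":
    print(parse_syn(SAMPLE_SYN))
```

The option order and values together form the kind of signature a passive fingerprinter compares against known stacks. A TTL or option layout that changes between connections from one address is the sort of inconsistency that points to masquerading.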