p0f is a versatile passive OS and application fingerprinter, and a tool for detecting NAT/connection sharing. It is useful for penetration testing, routine network monitoring, and forensics, and to aid abuse detection tools such as IDSes, spam filters, or honeypots.
|Tags||Security Networking Firewalls Monitoring Systems Administration Utilities|
|Operating Systems||POSIX AIX Windows Windows Mac OS X BSD Linux Solaris Unix|
Release Notes: This complete rewrite adds a range of new TCP fingerprinting mechanisms, sophisticated NAT detection, HTTP inspection and fingerprinting, and updated signatures.
Release Notes: New fingerprints were added. Diagnostic and statistics query mode and utilities were contributed. Other minor fixes were made.
Release Notes: New fingerprints were added, including ones for Windows Vista. Support for older architectures was improved. The plugin query capability was improved. Minor bugfixes were made.
Release Notes: New signatures, better logging, and various minor improvements. Fixes to compile on newer Linux distributions. A Cygwin port.
Release Notes: Established connection fingerprinting (ACK mode) is now supported. 802.1Q VLAN support had been added. New fingerprints are available. Minor other tweaks have been added.