p0f-new.tgz

Submitted: 2004-06-10
Submitted by: perky
Category: Sniffer
Platform: Unix/Linux
Size: 124708 Bytes
File MD5: 5fd6a34d968b5afdbb8a8572c8ddb434
Source: lcamtuf.coredump.cx

About:

p0f is a versatile passive OS fingerprinting and masquerade detection utility, to be used for evidence or information gathering on servers, firewalls, IDSes, and honeypots, for pen-testing, or just for the fun of it. It is a complete rewrite of p0f version 1 that used to be maintained by William Stearns.

Usage: p0f [ -f file ] [ -i device ] [ -s file ] [ -o file ] [ -w file ] [ -XVNDUKASCMLRqtpdlrx ] [ -c size] [ -T nn ] [ 'filter rule' ]

  -f file   - read fingerprints from file
  -i device - listen on this device
  -s file   - read packets from tcpdump snapshot
  -o file   - write to this logfile (implies -t)
  -w file   - save packets to tcpdump snapshot
  -c size   - cache size for -Q and -M options
  -M        - run masquerade detection
  -T nn     - set masquerade detection threshold (1-200)
  -V        - verbose masquerade flags reporting
  -F        - use fuzzy matching (do not combine with -R)
  -N        - do not report distances and link media
  -D        - do not report OS details (just genre)
  -U        - do not display unknown signatures
  -K        - do not display known signatures (for tests)
  -S        - report signatures even for known systems
  -A        - go into SYN+ACK mode (semi-supported)
  -R        - go into RST/RST+ACK mode (semi-supported)
  -r        - resolve host names (not recommended)
  -q        - be quiet - no banner
  -p        - switch card to promiscuous mode
  -d        - daemon mode (fork into background)
  -l        - use single-line output (easier to grep)
  -x        - include full packet dump (for debugging)
  -X        - display payload string (useful in RST mode)
  -C        - run signature collision check
  -L        - list all available interfaces
  -t        - add timestamps to every entry

'Filter rule' is an optional pcap-style BPF expression (man tcpdump).