p0f v3 (version 3.01b) Release

P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).

Some of p0f’s capabilities include:
  • Highly scalable and extremely fast identification of the operating system and software on both endpoints of a vanilla TCP connection – especially in settings where NMap probes are blocked, too slow, unreliable, or would simply set off alarms.
  • Measurement of system uptime and network hookup, distance (including topology behind NAT or packet filters), user language preferences, and so on.
  • Automated detection of connection sharing / NAT, load balancing, and application-level proxying setups.
  • Detection of clients and servers that forge declarative statements such as X-Mailer or User-Agent.

The tool can be operated in the foreground or as a daemon, and offers a simple real-time API for third-party components that wish to obtain additional information about the actors they are talking to.

Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse-prevention tools; and miscellanous forensics.
You can read more about its design and operation in this document. An earlier version of p0f is used by a wide variety of projects, includingpfsense, amavisd, milter, postgrey, fwknop, the OpenBSD firewall, etc.
Read More in Here | Download In Here : http://lcamtuf.coredump.cx/p0f3/releases/