Submitted: 2004-06-10
Submitted by: perky
Tool category: Sniffer
Platform: Unix/Linux
Tool size: 124708 Bytes
File MD5: 5fd6a34d968b5afdbb8a8572c8ddb434
Tool source: lcamtuf.coredump.cx
about:
p0f is a versatile passive OS fingerprinting and masquerade detection utility, to be used for evidence or information gathering on servers, firewalls, IDSes, and honeypots, for pen-testing, or just for the fun of it. It is a complete rewrite of p0f version 1 that used to be maintained by William Stearns.
Usage: p0f [ -f file ] [ -i device ] [ -s file ] [ -o file ]
[ -w file ] [ -XVNDUKASCMLRqtpdlrx ]
[ -c size] [ -T nn ] [ 'filter rule' ]
-f file - read fingerprints from file
-i device - listen on this device
-s file - read packets from tcpdump snapshot
-o file - write to this logfile (implies -t)
-w file - save packets to tcpdump snapshot
-c size - cache size for -Q and -M options
-M - run masquerade detection
-T nn - set masquerade detection threshold (1-200)
-V - verbose masquerade flags reporting
-F - use fuzzy matching (do not combine with -R)
-N - do not report distances and link media
-D - do not report OS details (just genre)
-U - do not display unknown signatures
-K - do not display known signatures (for tests)
-S - report signatures even for known systems
-A - go into SYN+ACK mode (semi-supported)
-R - go into RST/RST+ACK mode (semi-supported)
-r - resolve host names (not recommended)
-q - be quiet - no banner
-p - switch card to promiscuous mode
-d - daemon mode (fork into background)
-l - use single-line output (easier to grep)
-x - include full packet dump (for debugging)
-X - display payload string (useful in RST mode)
-C - run signature collision check
-L - list all available interfaces
-t - add timestamps to every entry
'Filter rule' is an optional pcap-style BPF expression (man tcpdump).
>> Download <<
http://www.xfocus.net/tools/200406/723.html