Good day, all,

Michal and I are pleased to provide p0f version 1.8.2. p0f is the passive OS fingerprinting utility that can identify a remote machine from just the syn packet of an incoming connection. Note that because of a confusion about a developers release, there never was a formal 1.8.1.

Here are the changes:

- Addition of CREDITS, ChangeLog
- p0frep log parsing tool by Michal
- Documentation updates and reformatting
- "-q" quiet option; doesn't print banners. (Michal)
- freopen fix for compile errors in "write output to file" choice, typo fixes (Trevor Johnson)
- New fingerprints
- New fingerprint lengths
- Support BPF capture with cooked sockets (DLT_LINUX_SLL, captured with "-i any") (Bill)
- init script forces libpcap to only send up tcp packets with a syn set (Bill)
- Solaris/non-gnu $< and mkdir --parents fixes (TAHARA Yuusuke)
- Use printf() instead of puts() (Bill, spotted by piggyat_private)
- Include note about logcheck support (John Sage <jsageat_private>)
- First availability of additional unverified signatures (see http://www.stearns.org/p0f/moresigs/ , Bill)

These new signatures have been automatically created by correlating incoming syn packets with the User-agent field from some web logs. While a certain amount of effort has gone into cleaning up these signatures and discarding invalid data, these have not been verified by hand.

The new site for the tool is http://www.stearns.org/p0f/ . A tar file and RPMs can be found there.

Matt Scarborough is actively working on a Win32 binary for those that are interested. The binary and additional files needed to compile under win32 will be at the above URL soon after this release. We also hope to have .deb packages at that URL in the near future.

Many thanks to all who have helped in p0f development!

Cheers,
- Bill

P.S. For those wishing to capture syn packets for offline analysis with p0f, there's a wrapper script for tcpdump at http://www.stearns.org/syncapture/ .
---------------------------------------------------------------------------
"Silly hacker, root is for administrators."
        -- Unknown
(Courtesy of Fabrice MARIE <fabriceat_private>)
--------------------------------------------------------------------------
William Stearns (wstearnsat_private). Mason, Buildkernel, named2hosts,
and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------
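The changelog items on cooked-socket capture (DLT_LINUX_SLL, "-i any") and SYN-only capture, as an added example that is not part of the original post and is not p0f's own code: it locates the TCP flags behind the 16-byte Linux cooked header and tests the SYN bit. The function names and the sample packet are constructed for illustration, and only IPv4 is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLL_HDR_LEN 16   /* fixed length of the Linux cooked capture header */
#define TH_SYN      0x02

/* Return the TCP flags byte of an IPv4/TCP packet behind a cooked header, or -1. */
int sll_tcp_flags(const uint8_t *pkt, size_t len)
{
    if (len < SLL_HDR_LEN + 20) return -1;             /* no room for an IP header */
    if (pkt[14] != 0x08 || pkt[15] != 0x00) return -1; /* protocol field is not IPv4 */
    const uint8_t *ip = pkt + SLL_HDR_LEN;
    size_t iplen = len - SLL_HDR_LEN;
    if ((ip[0] >> 4) != 4) return -1;                  /* IP version */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;           /* IP header length, with options */
    if (ihl < 20 || iplen < ihl + 14) return -1;       /* flags byte must be in bounds */
    if (ip[9] != 6) return -1;                         /* not TCP */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return -1; /* later fragment: no TCP header */
    return ip[ihl + 13];                               /* byte 13 of the TCP header */
}

/* 1 if the packet carries the SYN bit (a SYN+ACK also matches), else 0. */
int sll_has_syn(const uint8_t *pkt, size_t len)
{
    int flags = sll_tcp_flags(pkt, len);
    return flags >= 0 && (flags & TH_SYN) != 0;
}

/* Constructed sample: cooked header + minimal IPv4 + minimal TCP (56 bytes). */
size_t build_sample(uint8_t *buf, uint8_t tcp_flags)
{
    memset(buf, 0, 56);
    buf[14] = 0x08;                     /* cooked header protocol = 0x0800 (IPv4) */
    buf[SLL_HDR_LEN] = 0x45;            /* version 4, IHL 5 */
    buf[SLL_HDR_LEN + 9] = 6;           /* IP protocol = TCP */
    buf[SLL_HDR_LEN + 20 + 12] = 0x50;  /* TCP data offset = 5 words */
    buf[SLL_HDR_LEN + 20 + 13] = tcp_flags;
    return 56;
}

int main(void)
{
    uint8_t buf[64];
    size_t n = build_sample(buf, TH_SYN);
    printf("syn=%d\n", sll_has_syn(buf, n));
    return 0;
}
```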
This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 12:25:51 PST