LinuxCommandLibrary

p0f

TLDR

Start fingerprinting
$ p0f -i [eth0]
Read from pcap
$ p0f -r [capture.pcap]
Write to log file
$ p0f -i [eth0] -o [log.txt]
Fingerprint specific port
$ p0f -i [eth0] "port 80"
Run in background (daemon mode requires -o or -s)
$ p0f -i [eth0] -o [log.txt] -d

SYNOPSIS

p0f [options] [filter]

DESCRIPTION

p0f performs passive OS fingerprinting: it identifies systems without active probing.
The tool analyzes network traffic patterns to detect the OS, NAT, and more.

PARAMETERS

-i INTERFACE
Network interface.
-r FILE
Read pcap file.
-o FILE
Output log file.
-d
Daemon mode.
-p
Promiscuous mode.
--help
Display help information.
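
One way to turn the log written by -o into a per-host OS summary, as an added example that is not from the original page or the p0f project. It assumes the p0f 3.x log layout ([timestamp] followed by key=value fields separated by "|"); the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a p0f -o log into one line per fingerprinted host.
# Assumed log layout (p0f 3.x): "[timestamp] key=value|key=value|..."

# Constructed sample log lines using documentation address ranges.
sample_log() {
cat <<'EOF'
[2024/01/10 09:00:01] mod=syn|cli=192.0.2.10/50112|srv=198.51.100.5/80|subj=cli|os=Linux 3.x|dist=0|params=none|raw_sig=4:64+0:0:1460:mss*10,7:mss,sok,ts,nop,ws:df,id+:0
[2024/01/10 09:00:01] mod=mtu|cli=192.0.2.10/50112|srv=198.51.100.5/80|subj=cli|link=Ethernet or modem|raw_mtu=1500
[2024/01/10 09:00:07] mod=syn|cli=192.0.2.22/49822|srv=198.51.100.5/80|subj=cli|os=Windows 7 or 8|dist=1|params=none|raw_sig=4:127+1:0:1460:8192,8:mss,nop,ws,nop,nop,sok:df,id+:0
[2024/01/10 09:00:09] mod=syn|cli=192.0.2.10/50120|srv=198.51.100.5/80|subj=cli|os=Linux 3.x|dist=0|params=none|raw_sig=4:64+0:0:1460:mss*10,7:mss,sok,ts,nop,ws:df,id+:0
[2024/01/10 09:00:12] mod=syn|cli=192.0.2.40/40001|srv=198.51.100.5/80|subj=cli|os=???|dist=3|params=none|raw_sig=4:61+3:0:1400:65535,0:mss:df:0
[2024/01/10 09:00:15] mod=syn+ack|cli=192.0.2.22/49822|srv=198.51.100.5/80|subj=srv|os=Linux 3.x|dist=0|params=none|raw_sig=4:64+0:0:1460:mss*10,7:mss,sok,ts,nop,ws:df,id+:0
EOF
}

# Read a p0f log on stdin; print "host<TAB>os<TAB>events", sorted by host.
p0f_os_summary() {
  awk '
    /^\[/ {
      line = substr($0, index($0, "] ") + 2)   # drop the [timestamp] prefix
      split("", f)                             # reset the per-line field map
      n = split(line, kv, "|")
      for (i = 1; i <= n; i++) {
        eq = index(kv[i], "=")
        if (eq) f[substr(kv[i], 1, eq - 1)] = substr(kv[i], eq + 1)
      }
      # Skip events that carry no OS guess (for example mod=mtu).
      if (!("os" in f) || !("subj" in f)) next
      host = f[f["subj"]]                      # subj=cli or subj=srv picks the side
      sub(/\/[0-9]+$/, "", host)               # strip the /port suffix
      os = (f["os"] == "???") ? "unknown" : f["os"]
      count[host "\t" os]++
    }
    END { for (k in count) printf "%s\t%d\n", k, count[k] }
  ' | LC_ALL=C sort
}

sample_log | p0f_os_summary
```

On a real log, replace the last line with p0f_os_summary < log.txt; hosts reported as "unknown" are those whose signature did not match the database.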

CAVEATS

p0f requires raw socket access, works passively only, and needs a signature database.

HISTORY

p0f was created by Michal Zalewski for passive TCP/IP stack fingerprinting.

SEE ALSO

nmap(1), tcpdump(1), wireshark(1)
