mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-24 04:33:24 +00:00
Adding p0f version 1.7.
A passive OS fingerprinting tool.
PR: 19225
Submitted by: Trevor Johnson <trevor@jpj.net>
parent 0ca0371584
commit 0a382d079d
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=30418
33
net-mgmt/p0f/Makefile
Normal file
@ -0,0 +1,33 @@
|
||||
# New ports collection makefile for: p0f
|
||||
# Date created: 2000-06-12
|
||||
# Whom: Trevor Johnson
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= p0f
|
||||
PORTVERSION= 1.7
|
||||
CATEGORIES= net
|
||||
MASTER_SITES= http://lcamtuf.hack.pl/
|
||||
DISTNAME= ${PORTNAME}
|
||||
EXTRACT_SUFX= .tgz
|
||||
|
||||
MAINTAINER= trevor@jpj.net
|
||||
|
||||
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
|
||||
|
||||
post-patch:
|
||||
@${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/p0f.c
|
||||
@${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/README
|
||||
|
||||
do-install:
|
||||
@${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin
|
||||
@${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/etc
|
||||
|
||||
post-install:
|
||||
.if !defined(NOPORTDOCS)
|
||||
@${MKDIR} ${PREFIX}/share/doc/p0f
|
||||
@${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/p0f
|
||||
.endif
|
||||
|
||||
.include <bsd.port.mk>
|
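Review bot: 'CATEGORIES= net' does not match the directory this Makefile is added under, net-mgmt/p0f. The first category is expected to name the port's directory, so this should read 'CATEGORIES= net-mgmt' (with net kept as a secondary category if wanted), or the port should live only under net/.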
1
net-mgmt/p0f/distinfo
Normal file
@ -0,0 +1 @@
|
||||
MD5 (p0f.tgz) = 5d4242df39c6325683ee02f9e95f2801
|
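Review bot: the only integrity check on the distfile is one MD5 over p0f.tgz, a filename with no version in it (the Makefile sets 'DISTNAME= ${PORTNAME}'), fetched over plain http from a single MASTER_SITES entry. If upstream publishes a later release under the same name, the fetch fails the checksum with nothing in the filename to show which release the sum was taken from, and a p0f.tgz already sitting in the distfiles directory from another version collides with it. Setting a DIST_SUBDIR, or pointing at a versioned copy of the tarball, would tie the checksum to 1.7.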
78
net-mgmt/p0f/files/patch-README
Normal file
@ -0,0 +1,78 @@
|
||||
--- README.orig Mon Jun 12 15:28:41 2000
|
||||
+++ README Mon Jun 12 21:15:54 2000
|
||||
@@ -27,30 +27,31 @@
|
||||
|
||||
Background:
|
||||
|
||||
- * What is passive OS fingerprinting?
|
||||
+ * What is passive OS fingerprinting?
|
||||
|
||||
- Passive OS fingerprinting technique bases on information coming
|
||||
- from remote host when it establishes connection to our system. Captured
|
||||
- packets contains enough information to determine OS - and, unlike
|
||||
- active scanners (nmap, queSO) - without sending anything to this host.
|
||||
+ Passive OS fingerprinting is based on information coming from a remote host
|
||||
+ when it establishes a connection to our system. Captured packets contain
|
||||
+ enough information to identify the operating system. In contrast to active
|
||||
+ scanners such as nmap and QueSO, p0f does not send anything to the host being
|
||||
+ identified.
|
||||
|
||||
If you're looking for more information, read Spitzner's text at:
|
||||
http://www.enteract.com/~lspitz/finger.html
|
||||
|
||||
- * How it works?
|
||||
+ * How does it work?
|
||||
|
||||
Well, there are some TCP/IP flag settings specific for given systems.
|
||||
Usually initial TTL (8 bits), window size (16 bits), maximum segment size
|
||||
(16 bits), don't fragment flag (1 bit), sackOK option (1 bit), nop option
|
||||
- (1 bit) and window scaling option (8 bits) combined together gives unique,
|
||||
+ (1 bit) and window scaling option (8 bits) combined together give a unique,
|
||||
51-bit signature for every system.
|
||||
|
||||
- * What are main advantages?
|
||||
+ * What are the main advantages?
|
||||
|
||||
- Passive OS fingerprinting can be done on huge portions of input data - eg.
|
||||
- information gathered on firewall, proxy, routing device or Internet server,
|
||||
- without causing any network activity. You can launch passive OS detection
|
||||
- software on such machine and leave it for days, weeks or months, collecting
|
||||
+ Passive OS fingerprinting can be done on huge amounts of input data -
|
||||
+ gathered on a firewall, proxy, routing device or Internet server - without
|
||||
+ causing any network activity. You can launch passive OS detection
|
||||
+ software on such a machine and leave it for days or months, collecting
|
||||
really interesting statistical and - *erm* - just interesting information.
|
||||
What's really funny - packet filtering firewalls, network address
|
||||
translation and so on are transparent to p0f-alike software, so you're able
|
||||
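Review bot: in the "main advantages" paragraph the rewrite turns "days, weeks or months" into "days or months", which changes upstream's wording rather than correcting its grammar, and the first -/+ pair ("What is passive OS fingerprinting?") shows no textual difference here, so it is presumably whitespace only. Since the whole hunk is editorial, it would be better sent to the upstream author than carried as a local patch that has to be regenerated for every new p0f release; if it stays, limit it to the lines that actually need fixing.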
@@ -62,7 +63,7 @@
|
||||
Limitations
|
||||
|
||||
Proxy firewalls and other high-level proxy devices are not transparent to
|
||||
- any tcp fingerprinting software. It applies to p0f, as well.
|
||||
+ any TCP fingerprinting software. It applies to p0f, as well.
|
||||
|
||||
In order to obtain information required for fingerprinting, you have to
|
||||
receive at least one SYN packet initializing TCP connection to your
|
||||
@@ -78,9 +79,9 @@
|
||||
window size are constant for initial TCP/IP packet, but changing rapidly
|
||||
later).
|
||||
|
||||
-Why our bubble gum is better?
|
||||
+Why is our bubble gum better?
|
||||
|
||||
- There is another passive OS detection utility, called 'siphon'. It's
|
||||
+ There is another passive OS detection utility, called 'siphon'. It's a
|
||||
pretty good piece of proof-of-concept software, but it isn't perfect. Well,
|
||||
p0f isn't perfect for sure, but has several improvements:
|
||||
|
||||
@@ -128,8 +129,8 @@
|
||||
|
||||
Files:
|
||||
|
||||
- /etc/p0f.fp or ./p0f.fp - OS fingerprints database. Format is described
|
||||
- inside:
|
||||
+ /etc/p0f.fp or ./p0f.fp - OS fingerprints database.
|
||||
+ The format is described inside:
|
||||
|
||||
# Valid entry describes the way server starts TCP handshake (first SYN).
|
||||
# Important options are: window size (wss), maximum segment size (mss),
|
1
net-mgmt/p0f/pkg-comment
Normal file
@ -0,0 +1 @@
|
||||
Passive OS fingerprinting tool
|
24
net-mgmt/p0f/pkg-descr
Normal file
@ -0,0 +1,24 @@
|
||||
from the README:
|
||||
|
||||
Passive OS fingerprinting is based on information coming from a remote host
|
||||
when it establishes a connection to our system. Captured packets contain
|
||||
enough information to identify the operating system. In contrast to active
|
||||
scanners such as nmap and QueSO, p0f does not send anything to the host being
|
||||
identified.
|
||||
|
||||
For more information, read Spitzner's text at:
|
||||
http://www.enteract.com/~lspitz/finger.html .
|
||||
|
||||
from the maintainer:
|
||||
|
||||
Use of this program requires read access to the packet filtering
|
||||
device, typically /dev/bpf0. Granting such access allows the users
|
||||
who have it to put your Ethernet device into promiscuous mode and
|
||||
sniff your network. See
|
||||
http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.xml
|
||||
if you do not understand how this can be harmful. Running p0f with
|
||||
no options will cause it to analyse packets intended for other
|
||||
hosts.
|
||||
|
||||
Trevor Johnson
|
||||
trevor@jpj.net
|
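Review bot: the maintainer's paragraph warns that read access to /dev/bpf0 lets a user sniff the network, but it stops short of saying what the administrator should do, and its reasoning is delegated to an external infoworld.com URL. State the recommendation in the description itself, for example that the permissions on the bpf device should be left as they are and p0f run by root, and name the option that narrows the capture, since "Running p0f with no options will cause it to analyse packets intended for other hosts" leaves the reader to go and find it.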
4
net-mgmt/p0f/pkg-plist
Normal file
@ -0,0 +1,4 @@
|
||||
bin/p0f
|
||||
etc/p0f.fp
|
||||
share/doc/p0f/README
|
||||
@dirrm share/doc/p0f
|
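Review bot: share/doc/p0f/README and '@dirrm share/doc/p0f' are listed unconditionally, but the Makefile's post-install target only creates them inside '.if !defined(NOPORTDOCS)'. A package built with NOPORTDOCS set will carry a packing list naming a file and a directory that were never installed; make these two entries conditional on the same knob.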
33
net/p0f/Makefile
Normal file
@ -0,0 +1,33 @@
|
||||
# New ports collection makefile for: p0f
|
||||
# Date created: 2000-06-12
|
||||
# Whom: Trevor Johnson
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= p0f
|
||||
PORTVERSION= 1.7
|
||||
CATEGORIES= net
|
||||
MASTER_SITES= http://lcamtuf.hack.pl/
|
||||
DISTNAME= ${PORTNAME}
|
||||
EXTRACT_SUFX= .tgz
|
||||
|
||||
MAINTAINER= trevor@jpj.net
|
||||
|
||||
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
|
||||
|
||||
post-patch:
|
||||
@${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/p0f.c
|
||||
@${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" ${WRKSRC}/README
|
||||
|
||||
do-install:
|
||||
@${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin
|
||||
@${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/etc
|
||||
|
||||
post-install:
|
||||
.if !defined(NOPORTDOCS)
|
||||
@${MKDIR} ${PREFIX}/share/doc/p0f
|
||||
@${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/p0f
|
||||
.endif
|
||||
|
||||
.include <bsd.port.mk>
|
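Review bot: the post-patch substitution 's=/etc=${PREFIX}/etc=g' is not anchored to the fingerprint file, so it rewrites every occurrence of /etc in p0f.c and README, including any path other than /etc/p0f.fp and any string that merely contains /etc. Match the full path instead, e.g. 's=/etc/p0f.fp=${PREFIX}/etc/p0f.fp=g', so the edit stays correct if upstream adds another /etc reference.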
1
net/p0f/distinfo
Normal file
@ -0,0 +1 @@
|
||||
MD5 (p0f.tgz) = 5d4242df39c6325683ee02f9e95f2801
|
78
net/p0f/files/patch-README
Normal file
@ -0,0 +1,78 @@
|
||||
--- README.orig Mon Jun 12 15:28:41 2000
|
||||
+++ README Mon Jun 12 21:15:54 2000
|
||||
@@ -27,30 +27,31 @@
|
||||
|
||||
Background:
|
||||
|
||||
- * What is passive OS fingerprinting?
|
||||
+ * What is passive OS fingerprinting?
|
||||
|
||||
- Passive OS fingerprinting technique bases on information coming
|
||||
- from remote host when it establishes connection to our system. Captured
|
||||
- packets contains enough information to determine OS - and, unlike
|
||||
- active scanners (nmap, queSO) - without sending anything to this host.
|
||||
+ Passive OS fingerprinting is based on information coming from a remote host
|
||||
+ when it establishes a connection to our system. Captured packets contain
|
||||
+ enough information to identify the operating system. In contrast to active
|
||||
+ scanners such as nmap and QueSO, p0f does not send anything to the host being
|
||||
+ identified.
|
||||
|
||||
If you're looking for more information, read Spitzner's text at:
|
||||
http://www.enteract.com/~lspitz/finger.html
|
||||
|
||||
- * How it works?
|
||||
+ * How does it work?
|
||||
|
||||
Well, there are some TCP/IP flag settings specific for given systems.
|
||||
Usually initial TTL (8 bits), window size (16 bits), maximum segment size
|
||||
(16 bits), don't fragment flag (1 bit), sackOK option (1 bit), nop option
|
||||
- (1 bit) and window scaling option (8 bits) combined together gives unique,
|
||||
+ (1 bit) and window scaling option (8 bits) combined together give a unique,
|
||||
51-bit signature for every system.
|
||||
|
||||
- * What are main advantages?
|
||||
+ * What are the main advantages?
|
||||
|
||||
- Passive OS fingerprinting can be done on huge portions of input data - eg.
|
||||
- information gathered on firewall, proxy, routing device or Internet server,
|
||||
- without causing any network activity. You can launch passive OS detection
|
||||
- software on such machine and leave it for days, weeks or months, collecting
|
||||
+ Passive OS fingerprinting can be done on huge amounts of input data -
|
||||
+ gathered on a firewall, proxy, routing device or Internet server - without
|
||||
+ causing any network activity. You can launch passive OS detection
|
||||
+ software on such a machine and leave it for days or months, collecting
|
||||
really interesting statistical and - *erm* - just interesting information.
|
||||
What's really funny - packet filtering firewalls, network address
|
||||
translation and so on are transparent to p0f-alike software, so you're able
|
||||
@@ -62,7 +63,7 @@
|
||||
Limitations
|
||||
|
||||
Proxy firewalls and other high-level proxy devices are not transparent to
|
||||
- any tcp fingerprinting software. It applies to p0f, as well.
|
||||
+ any TCP fingerprinting software. It applies to p0f, as well.
|
||||
|
||||
In order to obtain information required for fingerprinting, you have to
|
||||
receive at least one SYN packet initializing TCP connection to your
|
||||
@@ -78,9 +79,9 @@
|
||||
window size are constant for initial TCP/IP packet, but changing rapidly
|
||||
later).
|
||||
|
||||
-Why our bubble gum is better?
|
||||
+Why is our bubble gum better?
|
||||
|
||||
- There is another passive OS detection utility, called 'siphon'. It's
|
||||
+ There is another passive OS detection utility, called 'siphon'. It's a
|
||||
pretty good piece of proof-of-concept software, but it isn't perfect. Well,
|
||||
p0f isn't perfect for sure, but has several improvements:
|
||||
|
||||
@@ -128,8 +129,8 @@
|
||||
|
||||
Files:
|
||||
|
||||
- /etc/p0f.fp or ./p0f.fp - OS fingerprints database. Format is described
|
||||
- inside:
|
||||
+ /etc/p0f.fp or ./p0f.fp - OS fingerprints database.
|
||||
+ The format is described inside:
|
||||
|
||||
# Valid entry describes the way server starts TCP handshake (first SYN).
|
||||
# Important options are: window size (wss), maximum segment size (mss),
|
1
net/p0f/pkg-comment
Normal file
@ -0,0 +1 @@
|
||||
Passive OS fingerprinting tool
|
24
net/p0f/pkg-descr
Normal file
@ -0,0 +1,24 @@
|
||||
from the README:
|
||||
|
||||
Passive OS fingerprinting is based on information coming from a remote host
|
||||
when it establishes a connection to our system. Captured packets contain
|
||||
enough information to identify the operating system. In contrast to active
|
||||
scanners such as nmap and QueSO, p0f does not send anything to the host being
|
||||
identified.
|
||||
|
||||
For more information, read Spitzner's text at:
|
||||
http://www.enteract.com/~lspitz/finger.html .
|
||||
|
||||
from the maintainer:
|
||||
|
||||
Use of this program requires read access to the packet filtering
|
||||
device, typically /dev/bpf0. Granting such access allows the users
|
||||
who have it to put your Ethernet device into promiscuous mode and
|
||||
sniff your network. See
|
||||
http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.xml
|
||||
if you do not understand how this can be harmful. Running p0f with
|
||||
no options will cause it to analyse packets intended for other
|
||||
hosts.
|
||||
|
||||
Trevor Johnson
|
||||
trevor@jpj.net
|
4
net/p0f/pkg-plist
Normal file
@ -0,0 +1,4 @@
|
||||
bin/p0f
|
||||
etc/p0f.fp
|
||||
share/doc/p0f/README
|
||||
@dirrm share/doc/p0f
|
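Review bot: etc/p0f.fp is listed as an ordinary packing-list file, so deinstalling or upgrading the port removes the fingerprint database together with any signatures the administrator has added to it. Install the distributed copy under a sample name (for instance etc/p0f.fp.sample, a name suggested here and not taken from the port) and copy it to etc/p0f.fp only when that file does not already exist.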