Passive OS fingerprinting: which OS emitted this TCP packet? p0f(packet) -> accuracy, [list of guesses]
(pkt)
| 290 | |
@conf.commands.register
def p0f(pkt):
    """Passive OS fingerprinting: which OS emitted this TCP packet?

    p0f(packet) -> [(entry[6], entry[7], entry[1] - ttl), ...]

    Builds a signature for ``pkt`` with ``packet2p0f`` and keeps every
    entry of the signature base that ``p0f_correl`` scores as a full
    match. When no base is available a warning is emitted and an empty
    list is returned. No separate accuracy value is returned; the list
    holds only full matches.

    NOTE(review): the first two tuple fields are presumably the OS name
    and its details, and the third an estimated hop distance (signature
    TTL minus observed TTL) -- confirm against the database loader.

    Matching relies only on what ``packet2p0f`` extracts from this one
    packet, so treat the result as a hint, not as an identification.
    """
    db, sig = packet2p0f(pkt)
    base = db.get_base() if db else []
    if not base:
        warning("p0f base empty.")
        return []
    # Score p0f_correl must reach for a match: one per comma-separated
    # item of sig[4], plus five.
    full_score = len(sig[4].split(",")) + 5
    return [
        (entry[6], entry[7], entry[1] - pkt[IP].ttl)
        for entry in base
        if p0f_correl(sig, entry) == full_score
    ]
| 312 | |
| 313 | |
| 314 | def prnp0f(pkt): |