Date: Fri, 09 Feb 2007 18:03:59 +0100 From: Erik Norgaard <norgaard@locolomo.org> To: FreeBSD Questions <questions@freebsd.org> Subject: Passive fingerprinting howto Message-ID: <45CCA97F.5030708@locolomo.org>
next in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. --------------ms080400070706060302060602 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi: I know that packet filter can use passive fingerprinting to block or pass traffic, but I'd like to use it to identify what crapware is on my network. Can snort do this or is there some other tool that can sniff traffic and identify the connected systems? Thanks, Erik -- Ph: +34.666334818 web: http://www.locolomo.org --------------ms080400070706060302060602 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIK6DCC BXAwggRYoAMCAQICBEVUK6IwDQYJKoZIhvcNAQEFBQAwMTELMAkGA1UEBhMCREsxDDAKBgNV BAoTA1REQzEUMBIGA1UEAxMLVERDIE9DRVMgQ0EwHhcNMDYxMTE1MDgzMTU0WhcNMDgxMTE1 MDkwMTU0WjB1MQswCQYDVQQGEwJESzEpMCcGA1UEChMgSW5nZW4gb3JnYW5pc2F0b3Jpc2sg dGlsa255dG5pbmcxOzAUBgNVBAMUDUVyaWsgTvhyZ2FhcmQwIwYDVQQFExxQSUQ6OTgwMi0y MDAyLTItNTQ0MzY5NzY5MzE1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1/K6+GVcF UvoWJpyfhzWbu8qEOB8jU17A0dpmts7RT+ODkYq0lxJCcvvdSXNQQurvYwaPISA+EMRy+rIm rjhoyxhsM9w/XC7gELqkr1XbGt3wR0KLr5ZcRfD4HqrWM1Eh1OYxTXKod6Ox/FAqzDAy91x8 XCZzsHtiBCdgMSYxqwIDAQABo4ICzjCCAsowDgYDVR0PAQH/BAQDAgP4MCsGA1UdEAQkMCKA DzIwMDYxMTE1MDgzMTU0WoEPMjAwODExMTUwOTAxNTRaMIIBNwYDVR0gBIIBLjCCASowggEm BgoqgVCBKQEBAQEDMIIBFjAvBggrBgEFBQcCARYjaHR0cDovL3d3dy5jZXJ0aWZpa2F0LmRr L3JlcG9zaXRvcnkwgeIGCCsGAQUFBwICMIHVMAoWA1REQzADAgEBGoHGRm9yIGFudmVuZGVs c2UgYWYgY2VydGlmaWthdGV0IGfmbGRlciBPQ0VTIHZpbGvlciwgQ1BTIG9nIE9DRVMgQ1As IGRlciBrYW4gaGVudGVzIGZyYSB3d3cuY2VydGlmaWthdC5kay9yZXBvc2l0b3J5LiBCZW3m cmssIGF0IFREQyBlZnRlciB2aWxr5XJlbmUgaGFyIGV0IGJlZ3LmbnNldCBhbnN2YXIgaWZ0 LiBwcm9mZXNzaW9uZWxsZSBwYXJ0ZXIuMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAYYl aHR0cDovL29jc3AuY2VydGlmaWthdC5kay9vY3NwL3N0YXR1czAgBgNVHREEGTAXgRVub3Jn YWFyZEBsb2NvbG9tby5vcmcwgYQGA1UdHwR9MHswS6BJoEekRTBDMQswCQYDVQQGEwJESzEM MAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTEQMA4GA1UEAxMHQ1JMMTU1NzAs oCqgKIYmaHR0cDovL2NybC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwHwYDVR0jBBgw FoAUYLWF7FZkfhIZJ2cdUBVLc647+RIwHQYDVR0OBBYEFPd+a0ceJ9JmK934UXsB3G0mjv+f MAkGA1UdEwQCMAAwGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCA6gwDQYJKoZIhvcNAQEFBQAD ggEBAE9KhX+l/ZcnhvGPhHyWnJspyCXSiuqZ+GlgMdcKXtlu8kXsqNzfDe9qSs93++zJS+HT vAW0QgyIxjY1VpgCqgyjU8e2d2D1eSRMDB09WViZk8oZkvOy0Mq3yy//CLSw3gQbXNZF+Yt+ htss+FD+idACVyRBQqlcHuaxjguyzZkK0fGBN5H5nsklDySQCU7X0i3egeIiL7zlV3cjp9KT 12tNG4jfQTaSUzBkz0R+x+Jcdyp6AI9Qg3H1iGDDI58aCTY5ohQBpDsUcLr6U842IACNCeub qDP6nDo5lnMEXwGH/RO8r4supCf5wrNRjqEX/vokUzB5QfDGtmxxZkycaaQwggVwMIIEWKAD AgECAgRFVCuiMA0GCSqGSIb3DQEBBQUAMDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNUREMx FDASBgNVBAMTC1REQyBPQ0VTIENBMB4XDTA2MTExNTA4MzE1NFoXDTA4MTExNTA5MDE1NFow dTELMAkGA1UEBhMCREsxKTAnBgNVBAoTIEluZ2VuIG9yZ2FuaXNhdG9yaXNrIHRpbGtueXRu aW5nMTswFAYDVQQDFA1FcmlrIE74cmdhYXJkMCMGA1UEBRMcUElEOjk4MDItMjAwMi0yLTU0 NDM2OTc2OTMxNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtfyuvhlXBVL6Fiacn4c1 m7vKhDgfI1NewNHaZrbO0U/jg5GKtJcSQnL73UlzUELq72MGjyEgPhDEcvqyJq44aMsYbDPc P1wu4BC6pK9V2xrd8EdCi6+WXEXw+B6q1jNRIdTmMU1yqHejsfxQKswwMvdcfFwmc7B7YgQn YDEmMasCAwEAAaOCAs4wggLKMA4GA1UdDwEB/wQEAwID+DArBgNVHRAEJDAigA8yMDA2MTEx NTA4MzE1NFqBDzIwMDgxMTE1MDkwMTU0WjCCATcGA1UdIASCAS4wggEqMIIBJgYKKoFQgSkB AQEBAzCCARYwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBvc2l0 b3J5MIHiBggrBgEFBQcCAjCB1TAKFgNUREMwAwIBARqBxkZvciBhbnZlbmRlbHNlIGFmIGNl cnRpZmlrYXRldCBn5mxkZXIgT0NFUyB2aWxr5XIsIENQUyBvZyBPQ0VTIENQLCBkZXIga2Fu IGhlbnRlcyBmcmEgd3d3LmNlcnRpZmlrYXQuZGsvcmVwb3NpdG9yeS4gQmVt5nJrLCBhdCBU REMgZWZ0ZXIgdmlsa+VyZW5lIGhhciBldCBiZWdy5m5zZXQgYW5zdmFyIGlmdC4gcHJvZmVz c2lvbmVsbGUgcGFydGVyLjBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9v Y3NwLmNlcnRpZmlrYXQuZGsvb2NzcC9zdGF0dXMwIAYDVR0RBBkwF4EVbm9yZ2FhcmRAbG9j b2xvbW8ub3JnMIGEBgNVHR8EfTB7MEugSaBHpEUwQzELMAkGA1UEBhMCREsxDDAKBgNVBAoT A1REQzEUMBIGA1UEAxMLVERDIE9DRVMgQ0ExEDAOBgNVBAMTB0NSTDE1NTcwLKAqoCiGJmh0 dHA6Ly9jcmwub2Nlcy5jZXJ0aWZpa2F0LmRrL29jZXMuY3JsMB8GA1UdIwQYMBaAFGC1hexW ZH4SGSdnHVAVS3OuO/kSMB0GA1UdDgQWBBT3fmtHHifSZivd+FF7AdxtJo7/nzAJBgNVHRME AjAAMBkGCSqGSIb2fQdBAAQMMAobBFY3LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4IBAQBPSoV/ pf2XJ4bxj4R8lpybKcgl0orqmfhpYDHXCl7ZbvJF7Kjc3w3vakrPd/vsyUvh07wFtEIMiMY2 NVaYAqoMo1PHtndg9XkkTAwdPVlYmZPKGZLzstDKt8sv/wi0sN4EG1zWRfmLfobbLPhQ/onQ AlckQUKpXB7msY4Lss2ZCtHxgTeR+Z7JJQ8kkAlO19It3oHiIi+85Vd3I6fSk9drTRuI30E2 klMwZM9EfsfiXHcqegCPUINx9YhgwyOfGgk2OaIUAaQ7FHC6+lPONiAAjQnrm6gz+pw6OZZz BF8Bh/0TvK+LLqQn+cKzUY6hF/76JFMweUHwxrZscWZMnGmkMYICKjCCAiYCAQEwOTAxMQsw CQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQQIERVQrojAJ BgUrDgMCGgUAoIIBRzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP Fw0wNzAyMDkxNzAzNTlaMCMGCSqGSIb3DQEJBDEWBBQJqtq84aUMjNV4d0nRHGVGvioQEDBI BgkrBgEEAYI3EAQxOzA5MDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNUREMxFDASBgNVBAMT C1REQyBPQ0VTIENBAgRFVCuiMEoGCyqGSIb3DQEJEAILMTugOTAxMQswCQYDVQQGEwJESzEM MAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQQIERVQrojBSBgkqhkiG9w0BCQ8x RTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMC BzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgJVucBAsPSoQINU0HLVAMMMh2ET0 FHxSHXT98clSqAO0LpMEGgE82LsOTieD0yr5l2S+5z54Ejpbzme7fqVwiWefLIQNSB4rpsUR hzfvKF17zt/SyWLjQxdRjrF0U0FeQL6NzBkVdBwYqSJEOH1O6cN1fasFm0ydR7rMncfmZnXv AAAAAAAA --------------ms080400070706060302060602--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45CCA97F.5030708>