From: Øyvind Skaar
To: freebsd-questions@freebsd.org
Date: Fri, 09 Feb 2007 20:11:55 +0100
Subject: Re: Passive fingerprinting howto

Erik Norgaard wrote:
> Hi:
>
> I know that packet filter can use passive fingerprinting to block or
> pass traffic, but I'd like to use it to identify what crapware is on my
> network.
>

Maybe Zalewski's p0f can help ..?

http://lcamtuf.coredump.cx/p0f.shtml

ø

--
Øyvind Skaar | os guesswhat odots.org | 482 78 480 | http://odots.org
http://last.fm/user/%67%69%7A%7A%6C%6Fn | http://43things.com/person/%C3%B8s
6865792c207768617420646f20796f75206b6e6f772c
796f752772652061206e65726420746f6f202e2