Tool and Usage
P0f is a security tool that utilizes passive traffic fingerprinting mechanisms to identify the systems behind any incidental TCP/IP communications.
This tool is a great addition to nmap, especially if that reveals not reliable data or none at all. Due to the passive way of working, it won't be detected nor influences any connection.
- Version 3 of p0f is a full rewrite
- The idea for p0f dates back to June 10, 2000
- Tool can run in foreground or as a daemon process
Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse-prevention tools; and miscellaneous forensics.
Usage and audience
- + Project is mature (10+ years)
- + The source code of this software is available
- + Well-known tool
Author and Maintainers
P0f is under development by Michał Zalewski.