P0f is an OS Fingerprinting and Forensics Tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way.
Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads.
Learn: Computer Forensics & Cyber Crime Investigation: Using Open Source Tools
Start Kali and Open p0f 3.0 in Kali Tool List.
Kali Linux -> Forensics -> Network Forensics -> p0f.
Another Method to Open the tool ,type p0f -i eth0 -l
In this Forensics Tool, To Launch p0f use this comment root@kali#p0f -i -eth0
Use interface eth0 (-i eth0)
promiscuous mode (-p)
saving the results to a file (-o /tmp/p0f.log):
Open your Browser and Surf the Target Server ( Ex:www.google.com) .you will see the lively active connection in the p0f Forensics Tool window.
Once the connection is established your Client will communicate with the server. In the below image, p0f identifies the IP address. My Client IP (10.0.2.15) Established a Connection with the Target web server (52.26.140.68) with port number 443.
Here we got some valuable OS Fingerprint information. The client used the Linux Machine.
We can Test this with Different ClientOS.
The final test of the p0f Forensics Tool runs on our interface and does forensics on a compromised system or a system under attack.
My Kali system was connected to unknown IP ( 52.26.140.68 ) with port number 443.
In the screenshot above, it identifies as server OS running by Windows and 0 hops away.
We can see the connection Uptime 5 min since it has been established with the server.
I can see that my system connected from my port 53088 to its port 443 and that this server has been up for over 198 straight days.
Author : Michal Zalewski
You can follow us on Linkedin, Twitter, and Facebook for daily Cybersecurity updates also you can check the Vulnerability Management Analysis to keep your self-updated
IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system…
The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache…
The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage…
A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…
Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…
An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…