Ethereal-dev: [Ethereal-dev] Integration of OS TCP/IP Stack Fingerprinting

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Tan ChaurLih" <chaurlih@xxxxxxxxxxx>
Date: Tue, 30 Mar 2004 05:49:24 +0000

Hi List,

I wonder if anyone's interested in building in OS TCP/IP Stack Fingerprinting code into Ethereal? The engine I am considering is available at http://lcamtuf.coredump.cx/p0f.shtml . Though it hasn't been updated for a long time, the code has been integrated into OpenBSD's firewall. So, how much interest is there among you guys to do this?

The biggest use of this integration is the ability to spot suspicious activity (like Linux boxes sending out Slammer Worm packets and having multiple OSes running off the same IP address / MAC address), which I believe makes it very useful and interesting for many of us.

  Any interested parties?

CL.
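
An added example, not part of the original post and not Ethereal or p0f code: the two checks the message proposes, run over per-packet OS labels such as a passive fingerprinter would supply. The record layout, the function names and the sample data are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample records: (src_mac, src_ip, os_guess, proto, dst_port).
# os_guess stands in for the label a passive fingerprinter has assigned to
# the packet's sender; the field layout is an assumption of this example.
OBSERVATIONS = [
    ("00:11:22:33:44:01", "10.0.0.5", "Linux 2.4", "tcp", 80),
    ("00:11:22:33:44:01", "10.0.0.5", "Linux 2.4", "udp", 1434),
    ("00:11:22:33:44:02", "10.0.0.9", "Windows 2000", "tcp", 445),
    ("00:11:22:33:44:02", "10.0.0.9", "FreeBSD 4.x", "tcp", 22),
    ("00:11:22:33:44:03", "10.0.0.7", "Windows XP", "udp", 1434),
    ("00:11:22:33:44:04", "10.0.0.8", "Windows XP", "tcp", 80),
    ("00:11:22:33:44:04", "10.0.0.8", "Windows 2000", "tcp", 80),
]

SLAMMER_PORT = ("udp", 1434)  # SQL Server Resolution Service, Slammer's target


def os_family(guess):
    """Reduce 'Windows 2000' / 'Windows XP' to one family so that version
    jitter in the guesses is not reported as a second operating system."""
    return guess.split()[0].lower()


def find_anomalies(observations):
    families = defaultdict(set)   # ("ip"|"mac", address) -> OS families seen
    findings = set()
    for mac, ip, guess, proto, dport in observations:
        fam = os_family(guess)
        families[("ip", ip)].add(fam)
        families[("mac", mac)].add(fam)
        # Slammer spreads from MS SQL Server hosts, so UDP/1434 traffic from
        # a sender that does not fingerprint as Windows deserves a look.
        if (proto, dport) == SLAMMER_PORT and fam != "windows":
            findings.add(("non-windows-udp-1434", ip, fam))
    for (kind, addr), fams in families.items():
        if len(fams) > 1:
            findings.add(("multiple-os-" + kind, addr, "/".join(sorted(fams))))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_anomalies(OBSERVATIONS):
        print(finding)
```

A NAT gateway or a dual-boot machine produces the same multiple-OS finding, so it is a lead to investigate rather than a verdict.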
