Automatic passive OS fingerprinting



Hello guys,

I'm looking for a tool to gather information about hosts connected to my network (possibly pirate hosts). The only ways I have found to do that passively (not actively, by discovering the whole network every time with nmap or an SNMP scan, for example) are tools like ettercap and p0f, or Python scapy with passive OS fingerprinting. But what I need is to gather information on a host each time a new one is discovered, so ettercap (or another tool) has to send me this information in real time. I'm trying to use the APIs that those tools provide, but they don't work this way.

For example, I tried the p0f tool (which ettercap uses too, I think) through its API, and I can ask for information about an IP address or a couple of IP addresses (or the whole network), but this is not good for me since I don't want to ask for that every time; I need to make it automatic or easier. So basically I want to have a server (mine) that will receive host information from a tool like ettercap.

The other way I tried is to code a packet sniffer like ettercap, which is in fact a really basic packet analyzer, but this way I can only get basic information such as IP and MAC addresses, whereas ettercap gives some more interesting information like operating systems and some other details.

I can also parse the log file of a tool, but this is not a good way either, since I have to parse this log file each time.

Is there a specific tool that can make this possible? I know it's possible, all I need is a little clue :wacko: and I don't know where I can find it.

Thanks in advance,



You don't have to use a network tap, but if you do then it sees all network traffic. Without one you either see only broadcast traffic or you have to mess with ARP poisoning; with the first you will miss a lot, with the second you'll probably break your network.

Try taking a look at the Security Onion distro, it is more IDS orientated but may have the tools you want. Also check out NetworkMiner http://www.netresec.com/?page=NetworkMiner

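The push model asked for in the question (an event sent the first time a host is seen, rather than polling a tool's API or re-parsing its log) can be sketched with the Python standard library alone. This is an added example, not code from either poster or from p0f/ettercap: `parse_syn`, `NewHostNotifier` and `build_syn` are hypothetical names, the TTL table is a coarse heuristic, and the sample frame is constructed.

```python
import struct

# Coarse default-initial-TTL heuristic (an assumption here, not p0f's signature database).
TTL_FAMILY = {64: "Linux/Unix-like", 128: "Windows", 255: "network device/other"}
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

def parse_syn(frame):
    """Return passive fingerprint fields from an Ethernet/IPv4 TCP SYN, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]
    if len(tcp) < 20 or tcp[13] & 0x12 != 0x02:  # need SYN set, ACK clear
        return None
    opts, i, end = [], 20, min((tcp[12] >> 4) * 4, len(tcp))
    while i < end:  # record option order only; option values are skipped
        kind = tcp[i]
        opts.append(OPT_NAMES.get(kind, "?%d" % kind))
        if kind == 0 or (kind != 1 and (i + 1 >= end or tcp[i + 1] < 2)):
            break
        i += 1 if kind == 1 else tcp[i + 1]
    ttl = frame[22]
    initial = next(t for t in (32, 64, 128, 255) if ttl <= t)  # round up to likely start TTL
    return {"mac": frame[6:12].hex(":"), "ip": ".".join(map(str, frame[26:30])),
            "ttl": ttl, "os_guess": TTL_FAMILY.get(initial, "unknown"),
            "window": struct.unpack("!H", tcp[14:16])[0], "tcp_opts": ",".join(opts)}

class NewHostNotifier:
    """Pushes one event per new (mac, ip) pair to notify(), so nothing has to poll."""
    def __init__(self, notify):
        self.seen, self.notify = set(), notify
    def feed(self, frame):
        fp = parse_syn(frame)
        if not fp or (fp["mac"], fp["ip"]) in self.seen:
            return None
        self.seen.add((fp["mac"], fp["ip"]))
        self.notify(fp)
        return fp

def build_syn(mac, ip, ttl, window, opts):
    """Constructed sample input: minimal Ethernet/IPv4/TCP SYN, checksums left zero."""
    eth = bytes.fromhex("020000000001" + mac.replace(":", "")) + b"\x08\x00"
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(opts), 0, 0, ttl, 6, 0,
                      bytes(map(int, ip.split("."))), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, (5 + len(opts) // 4) << 4,
                      0x02, window, 0, 0)
    return eth + iph + tcp + opts

if __name__ == "__main__":  # demo: print stands in for a POST to your own collector
    opts = bytes.fromhex("020405b40402080a000000010000000001030307")
    NewHostNotifier(print).feed(build_syn("02:00:00:00:00:0a", "192.0.2.10", 64, 64240, opts))
```

In practice `feed()` would be called from a capture loop on a tap or mirror port, and the TTL guess treated as a hint to confirm against a real signature set.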
