21 C
Jaipur
Tuesday, October 27, 2020

A Forensics Tool for Passive Traffic Analysis OS Fingerprinting

Must read

China launches crackdown on mobile web browsers, decries ‘chaos’ of information – Latest News

China's top cyber authority said it would carry out a "rectification" of Chinese mobile internet browsers to address what it called social concerns over...

cellphone: Japan unveils plan to prod carriers to cut cellphone charges – Latest News

Japan on Tuesday laid out a plan for reducing consumers' cellphone charges, as the government stepped up its bid to promote competition in the...

Uniqlo: Japanese apparel retailer Uniqlo forays into Indian online market – Latest News

Japanese global apparel retailer UNIQLO on Tuesday said it has forayed into the Indian online market. The company has introduced 'Shop From Home' service...

waymo: Waymo, Daimler partner to make self-driving trucks – Latest News

Alphabet Inc's autonomous driving technology development unit, Waymo, and a division of Germany's luxury carmaker Daimler AG have teamed up to make heavy-duty, self-driving...

P0f is an OS Fingerprinting and Forensics Tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way.

Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads.

Learn: Computer Forensics & Cyber Crime Investigation: Using Open Source Tools

Some of p0f Forensics Tool capabilities include:

  • Highly scalable and extremely fast identification of the operating system and software on both endpoints of a vanilla TCP connection – especially in settings where NMap probes are blocked, too slow, unreliable, or would simply set off alarms.
  • Measurement of system uptime and network hookup, distance (including topology behind NAT or packet filters), user language preferences, and so on.
  • Automated detection of connection sharing / NAT, load balancing, and application-level proxying setups.
  • Detection of clients and servers that forge declarative statements such as X-Mailer or User-Agent.( Forensics Tool)

Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse-prevention tools; and miscellanous forensics.

Step 1:

Start Kali and Open p0f 3.0 in Kali Tool List .

Kali Linux -> Forensics -> Network Forensics -> p0f.

Forensics Tool

Another Method to Open the tool ,type p0f -i eth0 -l

Forensics Tool

Step  3:

In this Forensics Tool, To Lanch p0f use this comment  [email protected]#p0f -i -eth0

Use interface eth0 (-i eth0)

promiscuous mode (-p)

saving the results to a file (-o /tmp/p0f.log):

Forensics Tool

Step 4:

Open your Browser  and Surf the Target Server ( Ex:www.google.com) .you will see lively active connection in p0f  Forensics Tool window.

Once connection established your Client will communicate with the server. In below image p0f identifies the IP address. My Client IP (10.0.2.15) Established a Connection with Target web server (52.26.140.68) with port number 443.

Here we got some valuable OS Fingerprint information. The client used the Linux Machine.

We can Test this with Different ClientOS.

Step 5 :

p0f for Forensics

The final test of the p0f  Forensics Tool run on our interface and doing forensics on a compromised system or a system under attack.

My kali system was connected to unknown IP ( 52.26.140.68 ) with port number 443.

In the screenshot above, it identifies as server OS running by Windows and 0 hops away.

We can see the connection Uptime 5 min since it has been Established with the server .

I can see that my system connected from my port 53088 to its port 443 and that this server has been up to over 198 straight days.

Author : Michal Zalewski

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

China launches crackdown on mobile web browsers, decries ‘chaos’ of information – Latest News

China's top cyber authority said it would carry out a "rectification" of Chinese mobile internet browsers to address what it called social concerns over...

cellphone: Japan unveils plan to prod carriers to cut cellphone charges – Latest News

Japan on Tuesday laid out a plan for reducing consumers' cellphone charges, as the government stepped up its bid to promote competition in the...

Uniqlo: Japanese apparel retailer Uniqlo forays into Indian online market – Latest News

Japanese global apparel retailer UNIQLO on Tuesday said it has forayed into the Indian online market. The company has introduced 'Shop From Home' service...

waymo: Waymo, Daimler partner to make self-driving trucks – Latest News

Alphabet Inc's autonomous driving technology development unit, Waymo, and a division of Germany's luxury carmaker Daimler AG have teamed up to make heavy-duty, self-driving...