TCP Fingerprinting

  • Thread author: Admin

#1
Installation on CentOS 7 64-bit
Run the commands one after another (p0f is packaged in EPEL, not in the base CentOS 7 repositories, so enable EPEL first if yum cannot find it):

Code:
yum install php-gd
yum install p0f
yum install libpcap-devel pcre-devel 
yum install tcpdump
yum install net-tools

Starting the daemon (-i names the capture interface, -s the API socket, -d detaches into the background). The "[!] Consider specifying -u" line in the output is p0f asking you to drop privileges: packet capture needs root, so in daemon mode add -u with an unprivileged account and p0f will chroot and switch to it once the interface and the socket are open:

Code:
[root@localhost ~]# p0f -i InterfaceName -s /var/run/p0f/p0f.sock -d
--- p0f 3.09b by Michal Zalewski <[email protected]> ---

[!] Consider specifying -u in daemon mode (see README).
[+] Closed 1 file descriptor.
[+] Loaded 322 signatures from '/etc/p0f/p0f.fp'.
[+] Intercepting traffic on interface 'InterfaceName'.
[+] Default packet filtering configured [+VLAN].
[+] Listening on API socket '/var/run/p0f/p0f.sock' (max 20 clients).
[+] Daemon process created, PID 0000 (stderr not kept).

PHP code to query the data. The socket path handed to the function must be the same one given to p0f with -s (the daemon above listens on /var/run/p0f/p0f.sock), and the web server's user needs read and write access to that socket. Behind a reverse proxy or load balancer REMOTE_ADDR is the proxy's address, and what p0f has fingerprinted is the proxy's TCP stack, not the client's:

Code:
<?php

/**
 * Query the p0f 3.x API socket for what p0f has learned about $ip.
 * Wire format from p0f's api.h: the query is 21 bytes (u32 magic,
 * u8 address type, u8[16] address), the response is 232 bytes.
 */
function p0f_client($ip, $path)
{
    // Port -1: unix:// transports have no port.
    $socket = fsockopen('unix://'.$path, -1, $errno, $errstr);
    if ($socket === false) {
        return false;
    }

    // inet_pton() yields 4 raw bytes for IPv4 or 16 for IPv6; a16 pads with NUL.
    $raw = inet_pton($ip);
    if ($raw === false) {
        fclose($socket);
        return false;
    }
    $type  = strlen($raw) === 4 ? 4 : 6;
    $query = pack('LCa16', 0x50304601, $type, $raw);   // 0x50304601 = P0F_QUERY_MAGIC

    fwrite($socket, $query);
    $resp = stream_get_contents($socket, 232);          // exactly one response
    fclose($socket);

    if (strlen($resp) !== 232) {
        return false;
    }

    // distance is a signed 16-bit field (s16); the strings are NUL-terminated
    // char[32] arrays, and Z32 drops the padding so the values compare cleanly.
    $resp = unpack('Lmagic_number/Lstatus/Lfirst_seen/Llast_seen'.
                   '/Ltotal_conn/Luptime_min/Lup_mod_days/Llast_nat'.
                   '/Llast_chg/sdistance/Cbad_sw/Cos_match_q'.
                   '/Z32os_name/Z32os_flavor/Z32http_name/Z32http_flavor'.
                   '/Z32link_type/Z32language', $resp);

    // 0x50304602 = P0F_RESP_MAGIC. status: 0x10 = OK, 0x20 = no match, 0x00 = bad query.
    if ($resp === false || $resp['magic_number'] !== 0x50304602) {
        return false;
    }

    return $resp;
}

// Same path as the -s argument given to p0f above.
$array = p0f_client($_SERVER['REMOTE_ADDR'], '/var/run/p0f/p0f.sock');
print_r($array);

?>

Sample output:

Code:
  Array
    (
        [magic_number] => 1345340930
        [status] => 16
        [first_seen] => 1363094107
        [last_seen] => 1363096712
        [total_conn] => 26
        [uptime_min] => 0
        [up_mod_days] => 0
        [last_nat] => 0
        [last_chg] => 0
        [distance] => 0
        [bad_sw] => 0
        [os_match_q] => 0
        [os_name] => Windows
        [os_flavor] => 7 or 8
        [http_name] => Firefox
        [http_flavor] => 10.x or newer
        [link_type] => Ethernet or modem
        [language] => English
    )
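
The exchange behind that output, as an added Python example that is not part of the original post: the 21-byte query going to the socket and the 232-byte reply coming back, with both sides encoded. The magic values, status codes and field layout are p0f's own (struct p0f_api_query and struct p0f_api_response in api.h of the p0f 3 source); the default socket path is the one the daemon above was started with; the sample reply bytes are constructed here to mirror the print_r output, and encode_response exists only to build them, since the real daemon fills that struct in C.

```python
"""p0f 3.x API client: the 21-byte query and 232-byte reply over the UNIX socket.

Added example; not code from the original post. Magic values, status codes
and the field layout come from p0f's api.h; the default socket path matches
the -s argument used above; the sample reply bytes are constructed here.
"""
import socket
import struct

QUERY_MAGIC = 0x50304601          # P0F_QUERY_MAGIC
RESP_MAGIC = 0x50304602           # P0F_RESP_MAGIC (1345340930 in the post's output)
STATUS_NAMES = {0x00: "BADQUERY", 0x10: "OK", 0x20: "NOMATCH"}

# struct p0f_api_query: u32 magic, u8 addr_type (4 or 6), u8 addr[16]; packed,
# host byte order because client and daemon share the machine.
QUERY_FMT = "=IB16s"
# struct p0f_api_response: 9 x u32, s16 distance, u8 bad_sw, u8 os_match_q,
# then six NUL-terminated char[32] strings.
RESP_FMT = "=9IhBB32s32s32s32s32s32s"
RESP_FIELDS = (
    "magic", "status", "first_seen", "last_seen", "total_conn", "uptime_min",
    "up_mod_days", "last_nat", "last_chg", "distance", "bad_sw", "os_match_q",
    "os_name", "os_flavor", "http_name", "http_flavor", "link_type", "language",
)
STRING_FIELDS = RESP_FIELDS[12:]
RESP_SIZE = struct.calcsize(RESP_FMT)   # 232


def build_query(ip):
    """Encode a query; addr_type is chosen from the address family, not hard-coded."""
    try:
        raw, addr_type = socket.inet_pton(socket.AF_INET, ip), 4
    except OSError:
        raw, addr_type = socket.inet_pton(socket.AF_INET6, ip), 6
    return struct.pack(QUERY_FMT, QUERY_MAGIC, addr_type, raw)


def parse_response(data):
    """Decode a reply into a dict; rejects short reads and a wrong magic."""
    if len(data) != RESP_SIZE:
        raise ValueError("expected %d bytes, got %d" % (RESP_SIZE, len(data)))
    resp = dict(zip(RESP_FIELDS, struct.unpack(RESP_FMT, data)))
    if resp["magic"] != RESP_MAGIC:
        raise ValueError("bad response magic 0x%08x" % resp["magic"])
    for name in STRING_FIELDS:          # C strings: cut at the first NUL
        resp[name] = resp[name].split(b"\0", 1)[0].decode("ascii", "replace")
    resp["status_name"] = STATUS_NAMES.get(resp["status"], "UNKNOWN")
    return resp


def encode_response(fields):
    """Daemon side of the exchange: pack a reply from a dict of field values.
    p0f fills this struct in C; this Python version exists to build test data."""
    values = [fields.get(name, 0) for name in RESP_FIELDS[:12]]
    values[0] = RESP_MAGIC
    for name in STRING_FIELDS:
        values.append(fields.get(name, "").encode("ascii")[:31].ljust(32, b"\0"))
    return struct.pack(RESP_FMT, *values)


def query_p0f(ip, sock_path="/var/run/p0f/p0f.sock", timeout=2.0):
    """Ask a running p0f daemon about ip over its API socket."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(build_query(ip))
        data = b""
        while len(data) < RESP_SIZE:    # recv() may return a partial reply
            chunk = s.recv(RESP_SIZE - len(data))
            if not chunk:
                break
            data += chunk
    return parse_response(data)


# Constructed sample reply mirroring the values in the post's print_r output.
SAMPLE_RESPONSE = encode_response({
    "status": 0x10, "first_seen": 1363094107, "last_seen": 1363096712,
    "total_conn": 26, "os_name": "Windows", "os_flavor": "7 or 8",
    "http_name": "Firefox", "http_flavor": "10.x or newer",
    "link_type": "Ethernet or modem", "language": "English",
})

if __name__ == "__main__":
    import sys
    result = query_p0f(sys.argv[1]) if len(sys.argv) > 1 else parse_response(SAMPLE_RESPONSE)
    for key in RESP_FIELDS + ("status_name",):
        print("%-12s %s" % (key, result[key]))
```

Run it with an IP address as the first argument to ask a live daemon; without arguments it decodes the constructed sample. Two details matter when writing a client in any language: distance is a signed 16-bit field, so reading it as one byte shifts every later field by one, and the reply must be read until all 232 bytes have arrived, since a single read on the socket is not guaranteed to return the whole struct.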

Values that link_type can report (they are the labels of the MTU signatures in p0f.fp) include:

Code:
DSL
Ethernet or modem
VLAN
generic tunnel or VPN
IPIP or SIT
IPSec or GRE
PPTP

Author: SUB_ID