In this article we look at one more ethical hacking tool, p0f. P0f belongs to the category of tools used for information gathering. Specifically, it uses fingerprinting mechanisms to identify the systems behind any TCP/IP communication, without revealing its presence. P0f is now at version 3, which contains several enhancements and new features that previous releases did not have. Some of the uses of p0f are listed below:
- Profiling and espionage: The tool can be used to collect statistics and information about hosts and users. It also collects distance information in order to determine the remote network topology, which can be of great use during pre-attack intelligence gathering.
- Network troubleshooting: The RST+ mode can be used to detect network errors and connection problems that you or your guests are experiencing.
- Bypassing a firewall: p0f can see through most NAT devices, firewalls etc. Its SYN+ACK mode can be used to fingerprint over a connection that the firewall allows, even if the remaining packets are blocked.
How to install it
p0f can be used on Windows, Linux and Kali Linux. In Kali Linux in particular, p0f comes pre-installed and is listed under the "Information Gathering" category.
Windows
A prerequisite for using p0f on Windows is WinPcap. To get it, visit the tool's official website and download the latest version of the installer. Follow the Setup Wizard instructions to complete the installation.
Once WinPcap is installed, you can install p0f itself by downloading the latest version of the tool (at the time of writing, the latest release is 3.07b).
You will notice that you downloaded a compressed folder. Unzip it and run the p0f.exe file.
The program runs in a cmd window. After a few seconds it returns the first information about the devices on the same network.
Linux
To install p0f in an Ubuntu Linux environment, simply run the following commands:
sudo apt-get update
sudo apt-get install p0f
How to use it
Let's start our tour of p0f. To get started, in Kali Linux we can go to the "Information Gathering" category and choose p0f. First, let's look at all the parameters we can use with this tool.

--- p0f 3.09b by Michal Zalewski ---

p0f: invalid option -- 'h'
Usage: p0f [ ...options... ] [ 'filter rule' ]

Network interface options:

  -i iface  - listen on the specified network interface
  -r file   - read offline pcap data from a given file
  -p        - put the listening interface in promiscuous mode
  -L        - list all available interfaces

Operating mode and output settings:

  -f file   - read fingerprint database from 'file' (/etc/p0f/p0f.fp)
  -o file   - write information to the specified log file
  -s name   - answer to API queries at a named unix socket
  -u user   - switch to the specified unprivileged account and chroot
  -d        - fork into background (requires -o or -s)

Performance-related options:

  -S limit  - limit number of parallel API connections (20)
  -t c,h    - set connection / host cache age limits (30s, 120m)
  -m c,h    - cap the number of active connections / hosts (1000,10000 , 0)

Optional filter expressions (man tcpdump) can be specified in the command
line to prevent p0f from looking at incidental network traffic.

Problems? You can reach the author at .
In the example below we listen on the eth0 interface in promiscuous mode, so that we see all the traffic that is visible on this interface.
We will now open a browser and browse to any page (e.g. www.twitter.com). The related traffic appears immediately in the terminal.
In the output we see the IP address of our machine (in my case 192.168.142.132) and the connection it just completed with the Twitter server at IP address 104.244.42.193 on port 443.
We can discern useful information, such as the fact that the client is a Linux machine, which is correct since we made the connection from a Kali Linux environment.
More information can be found in the git repo of p0f. We look forward to your feedback.
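The same details (client and server address, detected OS, distance) are written to a file when p0f is started with the -o option listed above. The Python code below is an added example, not part of the original article or of p0f: it parses such a log and summarizes what was learned about each host, which is a quick way to review what a passive observer on your network can see. It assumes the pipe-separated key=value log layout of p0f 3; the sample lines are constructed and the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the key=value layout p0f 3 writes with -o.
# IP addresses are the article's; timestamps and signatures are made up.
SAMPLE_LOG = """\
[2018/03/01 10:15:02] mod=syn|cli=192.168.142.132/45678|srv=104.244.42.193/443|subj=cli|os=Linux 3.11 and newer|dist=0|params=none|raw_sig=4:64+0:0:1460:mss*20,7:mss,sok,ts,nop,ws:df,id+:0
[2018/03/01 10:15:02] mod=mtu|cli=192.168.142.132/45678|srv=104.244.42.193/443|subj=cli|link=Ethernet or modem|raw_mtu=1500
[2018/03/01 10:15:02] mod=syn+ack|cli=192.168.142.132/45678|srv=104.244.42.193/443|subj=srv|os=???|dist=12|params=none|raw_sig=4:52+12:0:1460:mss*10,8:mss,nop,nop,sok,nop,ws:df:0
this line is truncated or corrupt
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<body>.+)$")

def parse_line(line):
    """Return one log record as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts")}
    for field in m.group("body").split("|"):
        key, sep, value = field.partition("=")
        if not sep:
            return None  # a field without '=' means a damaged line
        rec[key] = value
    subj = rec.get("subj")  # which side (cli or srv) the record describes
    if subj not in ("cli", "srv") or subj not in rec:
        return None
    return rec

def summarize(log_text):
    """Map each fingerprinted IP to the OS guesses, link types and distances seen."""
    hosts = defaultdict(lambda: {"os": set(), "link": set(), "dist": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip = rec[rec["subj"]].rsplit("/", 1)[0]  # strip the port from addr/port
        if rec.get("os", "???") != "???":  # ??? marks a field p0f could not determine
            hosts[ip]["os"].add(rec["os"])
        if "link" in rec:
            hosts[ip]["link"].add(rec["link"])
        if rec.get("dist", "").isdigit():
            hosts[ip]["dist"].add(int(rec["dist"]))
    return dict(hosts)

if __name__ == "__main__":
    for ip, info in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, info)
```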