p0f / p0f Goto Github PK

I think it would be nice to have p0f.fp version written in the file.

For example, in README.md written that ittl value of tcp-part of p0f.fp has values like 64+10. But there are no such values in my p0f base (which is 3.09b-2), only 64-. Other values are constants. That makes me think that this format will appear in future versions

So I think it would be nice to have version displayed somewhere in the comments, for example, so that I could quickly compare versions and update my p0f.fp base

P.S. It is quite possibly that I misunderstood database description, but anyway version comment is a good idea :)

docker fingerprinting (1).docx

https://redmine.pfsense.org/issues/14444

Fields stemming from HTTP Request data arent available to the API until a server response is started.

For example if a BPF expression is given to limit analysis to incoming packets only HTTP analysis will never be available via the API (it displays in console).

For example

./p0f -d -s /var/run/p0f/p0f.sock -u p0f -f /etc/p0f/p0f.fp 'tcp && ether dst 00:16:3c:6b:8f:bc'

The link in the README is broken. Should be https://lcamtuf.coredump.cx/p0f3/

Hi!

How can I run p0f in user mode with daemon without root privileges?
I use Ubuntu.

When exec:
pkexec p0f -u 6d6 -d -f '/home/6d6/fuck/p0f/p0f.fp' -s tcp -p
ALL works fine

When exec:
p0f -u 6d6 -d -f '/home/6d6/fuck/p0f/p0f.fp' -s tcp -p

error:
[+] Closed 1 file descriptor.
[+] Loaded 322 signatures from '/etc/p0f/p0f.fp'.
[+] Intercepting traffic on default interface 'enp5s0'.
[-] PROGRAM ABORT : pcap_open_live: enp5s0: You don't have permission to capture on that device (socket: Operation not permitted)
Location : prepare_pcap(), p0f.c:526

How can I fix it?

Currently p0f output an almost machine friendly output (on 2 lines) on file, or switches to a human friendly output on stdout.

It would be great to have the same consistent machine friendly output both on file and on stdout (and possibly formatted on a single line), so that it can be redirected easily e.g. to log brokers such as Kafka.

(PR arriving soon).

Hello
I have a problem when I try to start the packetfence services, only starts httpd.admin service.
He stops in p0f service, with the message (FATAL - /usr/local/bin/p0f for p0f does not exist !)

Someone can help me ??

Hello everyone
I have the packetfence configured according to the administration guide manual at the following points

• Out of band (VLAN Enforcement)
• Freeradius configuration
• Source authentication AD
• Scripts PowerShell Active Directory Integration
• network devices with switch HP procurve 2610 with 802.1x
• Portal profiles
• Portal modules
  Initially everything works fine, I can log in a desktop, I stay in the registration vlan, and through the captive portal I can authenticate with a domain account and stay in the normal vlan.

My problem is, always that I create a new user in active directory, or make a change to any other user, those changes do not work well through the local login on the desktop.

This seems like a configuration problem in the synchronization of the packetfence with the Active directory.

This problem happens only in the login of the desktops, In the authentication through the captive portal works fine, when I create a new user I can soon of the authentication with that user and pass from the registration vlan to the normal vlan

In the logs “httpd.webservice.access” and “packetfence.log” it seems to me that the synchronization between packetfence and AD is being done well through the web service at least I have no errors in the logs.

Can someone give me a clue how to solve this problem??