path: root/network/p0f/README
diff options
author David Spencer <>2012-06-02 19:52:09 -0400
committer Erik Hanson <>2012-06-03 15:21:14 -0500
commita54303fdafdfc7a4f1b8d986788d7ba318cf5d17 (patch)
tree3137f0734c0390e732ab70e9ce895961a0a6f1e8 /network/p0f/README
parentf6dd191c0b4ff1fc715f2746c2b3f5d853e55972 (diff)
network/p0f: Updated for version 3.05b.
Signed-off-by: dsomero <>
Diffstat (limited to 'network/p0f/README')
1 files changed, 14 insertions, 11 deletions
diff --git a/network/p0f/README b/network/p0f/README
index 4f31089bf4..6d725b92cf 100644
--- a/network/p0f/README
+++ b/network/p0f/README
@@ -1,12 +1,15 @@
-p0f v2 is a passive operating system fingerprinting tool.
-It can identify the OS on:
- - machines that connect to your box (SYN mode),
- - machines you connect to (SYN+ACK mode),
- - machines you cannot connect to (RST+ mode),
- - machines whose communications you can observe.
+P0f is a tool that utilizes an array of sophisticated, purely passive
+traffic fingerprinting mechanisms to identify the players behind any
+incidental TCP/IP communications (often as little as a single normal SYN)
+without interfering in any way. Version 3 is a complete rewrite of the
+original codebase, incorporating a significant number of improvements
+to network-level fingerprinting, and introducing the ability to reason
+about application-level payloads (e.g., HTTP).
-P0f can also detect or measure the following:
- - firewall presence, NAT use,
- - existence of a load balancer setup,
- - the distance to the remote system and its uptime,
- - other guy's network hookup (DSL, OC3, avian carriers) and his ISP.
+To build and install the optional signature and API tools, specify
+TOOLS=yes to the SlackBuild, for example
+ TOOLS=yes sh p0f.SlackBuild
+If you are upgrading from p0f version 2.0.8, please note that the files
+/etc/p0f/p0f{a,o,r}.fp are no longer used and can be removed.