This is a rewrite of security/p0f. Since the fingerprint format is different and no longer matches the format used in OpenBSD (for tcpdump and PF's OS detection features) I think it makes sense to add it as a separate (non conflicting) port rather than update the existing one.
-- -- -- -- P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP). The tool can be operated in the foreground or as a daemon, and offers a simple real-time API (via unix domain sockets) for third-party components that wish to obtain additional information about the actors they are talking to. -- -- -- -- any comments/OKs?
p0f3.tgz
Description: application/tar-gz
