Thank you so, so much for taking up this project. I really like what you've done and I think it has great potential! It's been a long time since anyone in the open-source community has put this kind of work into passive fingerprinting.
I was wondering if you had any plans/interest in maintaining an updated list of signatures. For example, the creator of p0f has not updated his fingerprint files in 4 years. There's no mention of Vista / Windows 7 / newer Apple OSes. Do you know of any such projects?
Yes, it sure is sad that Michal Zalewski hasn't updated p0f in many years.
Luckily there is Satori (http://myweb.cableone.net/xnih/), created by Eric Kollmann. I'm using the passive OS fingerprinting database from Satori in NetworkMiner; I haven't created any OS DB of my own. I think Eric K would appreciate any help in keeping his database up to date with new OSes.
Thanks so much for the quick response!
I see that Satori has several ways of OS fingerprinting, including the use of p0f. I also see that it has (and you use) tcp.xml. Is that file something that Kollmann is using in his own fingerprinting technique, or are those fingerprints supplemental to the p0f fingerprints?
Ok, very old thread, but since it was in reference to me. Yes, all of those files are files I use in Satori. DHCP, TCP, multiple web ones, etc.
Satori can now be found at: http://chatteronthewire.org