Passive operating system identification with p0f
p0f is a comprehensive tool that was developed for the purpose of identifying remote operating systems. This tool is different from the other tools discussed here because it is built to perform operating system identification passively and without directly interacting with the target system. This specific recipe will demonstrate how to use p0f to perform passive operating system identification.
Getting ready
To use p0f to perform operating system identification, you will need to have a remote system that is running network services. In the examples provided, an instance of Metasploitable2 is used to perform this task. For more information on setting up Metasploitable2, refer to the Installing Metasploitable2 recipe in Chapter 1, Getting Started.
How to do it…
If you execute p0f directly from the command line without any prior environmental setup, you will notice that it will not provide much information unless you are directly interacting with...