Overview
passivetcp-rs is an experimental Rust library inspired by p0f, the well-known passive OS fingerprinting tool originally written in C.
This library aims to bring the power of passive TCP/IP fingerprinting to the Rust ecosystem while offering a more modern, efficient, and extensible implementation.
It uses the pnet and httparse libraries to analyze and parse TCP packets and to capture HTTP traffic.
What is Passive TCP Fingerprinting?
Passive TCP fingerprinting is a technique that allows you to infer information about a remote host's operating system and network stack without sending any probes. By analyzing characteristics of incoming TCP packets (such as window size, TTL, and TCP options), it's possible to make educated guesses about the remote system's OS, network setup, and sometimes even its uptime.
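The following added example (not code from passivetcp-rs, and not its API) shows how the characteristics named above can be read from a single captured IPv4 TCP SYN using only the standard library. The `SynFeatures` struct, `parse_syn` function, the sample packet and the rounding of the observed TTL up to 32/64/128/255 are all assumptions made for illustration.

```rust
// Added example; every name is hypothetical and none of it is the passivetcp-rs API.
#[derive(Debug, PartialEq)]
struct SynFeatures {
    ttl: u8,           // TTL as observed on the wire
    initial_ttl: u8,   // observed TTL rounded up to a common initial value (heuristic)
    window: u16,
    mss: Option<u16>,
    wscale: Option<u8>,
    layout: String,    // option order, e.g. "mss,sok,ts,nop,ws"
}

// Constructed sample: IPv4 + TCP SYN, checksums zeroed (they are not verified here).
const SAMPLE_SYN: [u8; 60] = [
    0x45, 0x00, 0x00, 0x3c, 0x1c, 0x46, 0x40, 0x00, 0x39, 0x06, 0x00, 0x00, // IPv4: TTL 57, proto TCP
    0xc0, 0x00, 0x02, 0x0a, 0xc6, 0x33, 0x64, 0x14,                         // 192.0.2.10 -> 198.51.100.20
    0xd4, 0x31, 0x01, 0xbb, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, // ports, seq, ack
    0xa0, 0x02, 0xfa, 0xf0, 0x00, 0x00, 0x00, 0x00,                         // doff 10, SYN, window 64240
    0x02, 0x04, 0x05, 0xb4, 0x04, 0x02, 0x08, 0x0a, 0, 0, 0, 1, 0, 0, 0, 0, // mss 1460, sok, ts
    0x01, 0x03, 0x03, 0x07,                                                 // nop, ws 7
];

fn parse_syn(pkt: &[u8]) -> Option<SynFeatures> {
    let ihl = ((*pkt.first()? & 0x0f) as usize) * 4;
    if pkt[0] >> 4 != 4 || ihl < 20 || pkt.len() < ihl + 20 || pkt[9] != 6 { return None; }
    let (ttl, tcp) = (pkt[8], &pkt[ihl..]);
    let doff = ((tcp[12] >> 4) as usize) * 4;
    if doff < 20 || tcp.len() < doff || tcp[13] & 0x12 != 0x02 { return None; } // SYN, no ACK
    let window = u16::from_be_bytes([tcp[14], tcp[15]]);
    let (mut mss, mut wscale, mut layout) = (None, None, Vec::<String>::new());
    let mut opts = &tcp[20..doff];
    while let Some(&kind) = opts.first() {
        if kind == 0 { layout.push("eol".into()); break; }
        if kind == 1 { layout.push("nop".into()); opts = &opts[1..]; continue; }
        let len = *opts.get(1)? as usize;
        if len < 2 || len > opts.len() { return None; } // malformed option length
        match (kind, len) {
            (2, 4) => { mss = Some(u16::from_be_bytes([opts[2], opts[3]])); layout.push("mss".into()); }
            (3, 3) => { wscale = Some(opts[2]); layout.push("ws".into()); }
            (4, 2) => layout.push("sok".into()),
            (8, 10) => layout.push("ts".into()),
            _ => layout.push(format!("?{}", kind)),
        }
        opts = &opts[len..];
    }
    let initial_ttl = [32u8, 64, 128, 255].iter().copied().find(|&t| ttl <= t).unwrap_or(255);
    Some(SynFeatures { ttl, initial_ttl, window, mss, wscale, layout: layout.join(",") })
}

fn main() { println!("{:?}", parse_syn(&SAMPLE_SYN)); }
```

Matching the extracted fields against a signature database is a separate step and is not shown here.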
To get started with Cargo, add the following lines to your Cargo.toml file:
[dependencies]
passivetcp-rs = "0.1.0-alpha.3"
Features
Passive Analysis: Unlike active fingerprinting tools, passivetcp-rs does not send any packets to the target host, making it less intrusive and more stealthy.
Modern Rust Implementation: Leveraging Rust's safety and concurrency features, passivetcp-rs provides a reliable and efficient library for passive fingerprinting.
Extensibility: Designed with modularity in mind, allowing for easy addition of new fingerprinting signatures and heuristics.
Integration-Friendly: Can be integrated into various Rust-based network analysis tools and applications.
Use Cases
Network Monitoring: Identify operating systems and network devices on your network without active scanning.
Security Analysis: Detect potentially unauthorized devices or unexpected changes in your network's landscape.
Research: Study the distribution of operating systems and network stacks in different environments.
Inspiration
The library is heavily inspired by ideas from p0f.
License
Licensed under the MIT License. Refer to the license file.