Passive TCP fingerprint

Overview

passivetcp-rs is a modern Rust library for passive TCP/IP fingerprinting, inspired by the classic p0f tool. Its goal is to provide a robust, extensible, and efficient foundation for identifying operating systems and applications from network traffic.
Designed for easy integration and future expansion, passivetcp-rs supports new fingerprinting features, protocols, and detection standards.
The library leverages pnet for packet capture and httparse for HTTP parsing, enabling accurate analysis of TCP and HTTP flows in both live and offline environments.

Passive TCP Fingerprinting introduction

Passive TCP fingerprinting is a technique that allows you to infer information about a remote host's operating system and network stack without sending any probes. By analyzing characteristics of incoming TCP packets (such as window size, TTL, and TCP options), it's possible to make educated guesses about the remote system's OS, network setup, and sometimes even its uptime.
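To make those characteristics concrete, the following added example (not part of passivetcp-rs and not using its API) pulls the TTL, window size, and TCP option layout out of one raw IPv4 SYN using only the standard library. The struct, function, and constant names are hypothetical, and the sample packet is constructed.

```rust
// Added example, std only; not passivetcp-rs code. All names here are hypothetical.
#[derive(Debug, PartialEq)]
pub struct SynFeatures {
    pub observed_ttl: u8,
    pub initial_ttl_guess: u8, // smallest common initial TTL >= the observed TTL
    pub window: u16,
    pub mss: Option<u16>,
    pub wscale: Option<u8>,
    pub option_layout: Vec<&'static str>, // option order as sent by the remote stack
}
pub fn extract_syn_features(pkt: &[u8]) -> Option<SynFeatures> {
    if pkt.len() < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6 { return None; } // IPv4 + TCP only
    let ihl = usize::from(pkt[0] & 0x0f) * 4; // IP header length in bytes
    if ihl < 20 { return None; }
    let tcp = pkt.get(ihl..)?;
    if tcp.len() < 20 || (tcp[13] & 0x12) != 0x02 { return None; } // SYN set, ACK clear
    let doff = usize::from(tcp[12] >> 4) * 4; // TCP header length in bytes
    let opts = tcp.get(20..doff)?; // None if doff < 20 or the capture is truncated
    let ttl = pkt[8];
    let initial = [32u8, 64, 128, 255].iter().copied().find(|&t| t >= ttl)?;
    let (mut mss, mut wscale, mut layout, mut i) = (None, None, Vec::new(), 0usize);
    while i < opts.len() {
        let kind = opts[i];
        if kind == 0 { layout.push("eol"); break; }
        if kind == 1 { layout.push("nop"); i += 1; continue; }
        let len = usize::from(*opts.get(i + 1)?);
        if len < 2 || i + len > opts.len() { return None; } // malformed option length
        let body = &opts[i + 2..i + len];
        layout.push(match (kind, body.len()) {
            (2, 2) => { mss = Some(u16::from_be_bytes([body[0], body[1]])); "mss" }
            (3, 1) => { wscale = Some(body[0]); "ws" }
            (4, 0) => "sok",
            (8, 8) => "ts",
            _ => "?",
        });
        i += len;
    }
    let window = u16::from_be_bytes([tcp[14], tcp[15]]);
    Some(SynFeatures { observed_ttl: ttl, initial_ttl_guess: initial, window, mss, wscale, option_layout: layout })
}
// Constructed sample: SYN 192.0.2.10 -> 192.0.2.20, TTL 57, window 64240 (checksums zeroed, not inspected).
pub const SAMPLE_SYN: [u8; 60] = [
    0x45, 0, 0, 0x3c, 0, 0, 0x40, 0, 0x39, 0x06, 0, 0, 0xc0, 0, 0x02, 0x0a, 0xc0, 0, 0x02, 0x14,
    0xc3, 0x50, 0x01, 0xbb, 0, 0, 0, 0x01, 0, 0, 0, 0, 0xa0, 0x02, 0xfa, 0xf0, 0, 0, 0, 0,
    0x02, 0x04, 0x05, 0xb4, 0x04, 0x02, 0x08, 0x0a, 0, 0, 0, 0x01, 0, 0, 0, 0, 0x01, 0x03, 0x03, 0x07,
];
fn main() {
    println!("{:?}", extract_syn_features(&SAMPLE_SYN));
}
```

An observed TTL of 57 with a guessed initial TTL of 64 suggests the sender is about 7 hops away; the option order and window size are the parts a signature database would match on.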

To get started with Cargo, add the following lines to your Cargo.toml file:

[dependencies]
passivetcp-rs = "1.0.0"

Features

  • Passive Analysis: Unlike active fingerprinting tools, passivetcp-rs does not send any packets to the target host, making it less intrusive and more stealthy.

  • Modern Rust Implementation: Leveraging Rust's safety and concurrency features, passivetcp-rs provides a reliable and efficient library for passive fingerprinting.

  • Extensibility: Designed with modularity in mind, allowing for easy addition of new fingerprinting signatures and heuristics.

  • Integration-Friendly: Can be integrated into various Rust-based network analysis tools and applications.

Use Cases

  • Network Monitoring: Identify operating systems and network devices on your network without active scanning.

  • Security Analysis: Detect potentially unauthorized devices or unexpected changes in your network's landscape.

  • Research: Study the distribution of operating systems and network stacks in different environments.

Inspiration

The library is heavily inspired by ideas from p0f.

License

Licensed under the MIT License. Refer to the license file.
