pf.os.5 (148787) | pf.os.5 (171172) |
---|---|
1.\" $OpenBSD: pf.os.5,v 1.6 2004/03/31 11:13:03 dhartmei Exp $ | 1.\" $OpenBSD: pf.os.5,v 1.7 2005/11/16 20:07:18 stevesk Exp $ |
2.\" 3.\" Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" | 2.\" 3.\" Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" |
17.\" $FreeBSD: head/contrib/pf/man/pf.os.5 148787 2005-08-06 13:03:03Z brueffer $ | 17.\" $FreeBSD: head/contrib/pf/man/pf.os.5 171172 2007-07-03 12:30:03Z mlaier $ |
18.\" 19.Dd August 18, 2003 20.Dt PF.OS 5 21.Os 22.Sh NAME 23.Nm pf.os 24.Nd format of the operating system fingerprints file 25.Sh DESCRIPTION --- 176 unchanged lines hidden (view full) --- 202 65535:255:0:40:.:DUMMY:1.1:p3:Dummy embedded OS v1.1p3 203.Ed 204.Pp 205The 206.Xr tcpdump 1 207output of 208.Bd -literal 209 # tcpdump -s128 -c1 -nv 'tcp[13] == 2' | 18.\" 19.Dd August 18, 2003 20.Dt PF.OS 5 21.Os 22.Sh NAME 23.Nm pf.os 24.Nd format of the operating system fingerprints file 25.Sh DESCRIPTION --- 176 unchanged lines hidden (view full) --- 202 65535:255:0:40:.:DUMMY:1.1:p3:Dummy embedded OS v1.1p3 203.Ed 204.Pp 205The 206.Xr tcpdump 1 207output of 208.Bd -literal 209 # tcpdump -s128 -c1 -nv 'tcp[13] == 2' |
210 03:13:48.118526 10.0.0.1.3377 > 10.0.0.0.2: S [tcp sum ok] \e | 210 03:13:48.118526 10.0.0.1.3377 > 10.0.0.2.80: S [tcp sum ok] \e |
211 534596083:534596083(0) win 57344 <mss 1460> (DF) [tos 0x10] \e | 211 534596083:534596083(0) win 57344 <mss 1460> (DF) [tos 0x10] \e |
212 (ttl 64, id 11315) | 212 (ttl 64, id 11315, len 44) |
213.Ed 214.Pp 215almost translates into the following fingerprint 216.Bd -literal 217 57344:64:1:44:M1460: exampleOS:1.0::exampleOS 1.0 218.Ed | 213.Ed 214.Pp 215almost translates into the following fingerprint 216.Bd -literal 217 57344:64:1:44:M1460: exampleOS:1.0::exampleOS 1.0 218.Ed |
219.Pp 220.Xr tcpdump 1 221does not explicitly give the packet length. 222But it can usually be derived by adding the size of the IPv4 header to 223the size of the TCP header to the size of the TCP options. 224The size of both headers is typically twenty each and the usual 225sizes of the TCP options are: 226.Pp 227.Bl -tag -width timestamp -offset indent -compact 228.It mss 229four bytes. 230.It nop 2311 byte. 232.It sackOK 233two bytes. 234.It timestamp 235ten bytes. 236.It wscale 237three bytes. 238.El 239.Pp 240In the above example, the packet size comes out to 44 bytes. | |
241.Sh SEE ALSO 242.Xr tcpdump 1 , 243.Xr pf 4 , 244.Xr pf.conf 5 , 245.Xr pfctl 8 | 219.Sh SEE ALSO 220.Xr tcpdump 1 , 221.Xr pf 4 , 222.Xr pf.conf 5 , 223.Xr pfctl 8 |
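
Review bot: With `len 44` added to the tcpdump sample (line 212 of the new revision), the lead-in "almost translates into the following fingerprint" is left without anything to qualify. The only gap the visible text ever explained was that tcpdump did not print the packet length, and that explanation is removed in this same change. Suggest either dropping "almost" or stating what still has to be supplied by hand when turning the capture into a fingerprint. The destination fix from `10.0.0.0.2` to `10.0.0.2.80` in line 210 looks right.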
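
Review bot: The removal of old lines 219-240 also deletes the list of TCP option sizes (mss four bytes, nop 1 byte, sackOK two bytes, timestamp ten bytes, wscale three bytes), which is the only place in the visible text that shows how the 44 in `57344:64:1:44:M1460:` is composed (twenty for the IPv4 header, twenty for the TCP header, four for mss). The sentence saying tcpdump does not give the length is now outdated and should go. The size list is still useful for checking a fingerprint's length field against its option string, or for captures that do not print `len`, so consider keeping it, reworded as a cross-check.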