From: Peter Phaal (peter.phaal@inmon.com)
Date: 02/02/04
If you are interested in passively identifying host operating systems using
network traffic then the p0f utility <http://lcamtuf.coredump.cx/p0f.shtml>
appears to work quite well with sFlow. Host fingerprinting has a variety of
uses, including auditing the types of machines connected to your network and
characterizing hostile traffic.
In order to use p0f with sFlow you will need to use sflowtool
<http://www.inmon.com/technology/sflowTools.php>. Most packet analysis tools
such as p0f, tcpdump, snort, etc. use libpcap to capture packet headers.
sflowtool provides a mechanism for converting sFlow to libpcap format. For
example, the following command runs p0f in conjunction with sflowtool:

    sflowtool -t | p0f -s -
Peter
----------------------
Peter Phaal
InMon Corp.
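To show what p0f actually reads out of the libpcap stream that `sflowtool -t` produces, here is an added example (not code from the post, p0f or sflowtool) that walks a pcap byte string, finds the first TCP SYN and returns its window size, TTL, DF bit and option order, the same fields p0f keys its signatures on. The pcap record is constructed inline (one Ethernet/IPv4/TCP SYN, assumed link type Ethernet); because sFlow exports sampled headers, a real feed yields only a fraction of a host's SYNs, but each sampled SYN header carries everything needed.

```python
import struct
def build_sample_pcap() -> bytes:
    """Constructed pcap (the format `sflowtool -t` emits): one Ethernet/IPv4 TCP SYN,
    TTL 64, DF set, window 5840, options MSS 1460, SACK-ok, timestamp, NOP, wscale 7."""
    opts = (b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + b"\x00" * 8
            + b"\x01" + b"\x03\x03\x07")
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, ((20 + len(opts)) // 4) << 4,
                      0x02, 5840, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, 6, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp            # Ethernet header, type IPv4
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return ghdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def parse_options(raw: bytes) -> list:
    """Walk TCP options in order, p0f style: M<mss>, W<scale>, S, T, N, E."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                                 # end of option list
            out.append("E"); break
        if kind == 1:                                 # NOP carries no length byte
            out.append("N"); i += 1; continue
        length = raw[i + 1]
        if kind == 2:
            out.append(f"M{struct.unpack('!H', raw[i + 2:i + 4])[0]}")
        elif kind == 3:
            out.append(f"W{raw[i + 2]}")
        else:
            out.append({4: "S", 8: "T"}.get(kind, f"?{kind}"))
        i += max(length, 2)                           # guard against zero-length loops
    return out

def syn_signature(pcap: bytes):
    """Return 'window:ttl:df:options' for the first TCP SYN (ACK clear) in an Ethernet pcap."""
    end = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"  # pcap byte order
    off = 24                                                               # skip global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "IIII", pcap[off:off + 16])[2]
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if pkt[12:14] != b"\x08\x00" or pkt[23] != 6:   # only IPv4 frames carrying TCP
            continue
        ip = pkt[14:]; tcp = ip[(ip[0] & 0x0F) * 4:]
        if tcp[13] & 0x12 != 0x02:                       # SYN set, ACK clear
            continue
        win, df = struct.unpack("!H", tcp[14:16])[0], (ip[6] >> 6) & 1
        opts = parse_options(tcp[20:(tcp[12] >> 4) * 4])
        return f"{win}:{ip[8]}:{df}:{','.join(opts)}"
    return None
```

For the constructed SYN this yields `5840:64:1:M1460,S,T,N,W7`; the window is 4 x MSS, which p0f's signature file writes as `S4`, matching its Linux 2.6 entries.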
This archive was generated by hypermail 2.1.4 : 02/02/04 PST