I have a .cap file that I captured and I would like to run p0f on it and output the results to a log file. I was able to download and compile the code into p0f.exe by using a Cygwin bash shell. I tried to follow these directions to run p0f using PowerShell, but they seem to be outdated for the older version of p0f...
Any suggestions on how to run p0f on Windows? Is it possible via Cygwin or PowerShell?
PS - I am using Windows 7
Edit - I tried to run p0f through Cygwin, like this:
$ ./p0f.exe -r my_file.cap -o analyze.log
However, I then received this error:
--- p0f 3.06b by Michal Zalewski <lcamtuf@coredump.cx> ---
[+] Closed 1 file descriptor.
[+] Loaded 314 signatures from 'p0f.fp'.
[-] PROGRAM ABORT : pcap_open_offline: bad dump file format
Location : prepare_pcap(), p0f.c:475
I am not sure what a "bad dump file format" is and why that caused the program to abort...
Any help would be appreciated, thanks!
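In older libpcap releases, `pcap_open_offline` reports "bad dump file format" when the first four bytes of the file are not a pcap magic number it recognises, so the leading bytes of the capture are worth inspecting. The Python sketch below is an added example, not part of the original post or of p0f: it reads the 24-byte header and reports whether the file is classic pcap, pcapng, or something else. The function names and the sample headers are constructed for illustration.

```python
import struct
import sys

# Classic pcap magic numbers, as seen when the first 4 bytes are read big-endian.
PCAP_MAGICS = {
    0xA1B2C3D4: ("big", "microsecond"),
    0xD4C3B2A1: ("little", "microsecond"),
    0xA1B23C4D: ("big", "nanosecond"),
    0x4D3CB2A1: ("little", "nanosecond"),
}
# pcapng starts with a Section Header Block; its type reads the same in either byte order.
PCAPNG_MAGIC = 0x0A0D0D0A


def identify_capture(header: bytes) -> dict:
    """Classify a capture file from its first 24 bytes (hypothetical helper)."""
    if len(header) < 4:
        return {"format": "too short"}
    magic = struct.unpack(">I", header[:4])[0]
    if magic == PCAPNG_MAGIC:
        return {"format": "pcapng"}
    if magic not in PCAP_MAGICS:
        return {"format": "unknown", "magic": header[:4].hex()}
    if len(header) < 24:
        return {"format": "pcap (truncated header)"}
    order, resolution = PCAP_MAGICS[magic]
    # Remaining global header: version major/minor, thiszone, sigfigs, snaplen, linktype.
    layout = (">" if order == "big" else "<") + "HHiIII"
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(layout, header[4:24])
    return {"format": "pcap", "byte_order": order, "timestamps": resolution,
            "version": f"{major}.{minor}", "snaplen": snaplen, "linktype": linktype}


def identify_file(path: str) -> dict:
    """Read the header of the capture at `path` and classify it."""
    with open(path, "rb") as fh:
        return identify_capture(fh.read(24))


# Constructed sample headers (not taken from any real capture).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG = struct.pack("<II", 0x0A0D0D0A, 28)
SAMPLE_OTHER = b"XXXX" + bytes(20)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(identify_file(sys.argv[1]))
    else:
        for sample in (SAMPLE_PCAP, SAMPLE_PCAPNG, SAMPLE_OTHER):
            print(identify_capture(sample))
```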