Chapter 5

PCAP Extractor and OS Fingerprinting

Abstract

This chapter focuses on two key capabilities: (1) extracting key data from pcap files and converting it into the .ipDict and .osDict formats, and (2) developing an extensible method of passive OS fingerprinting based on a truth table, which is in turn based on the core data stored in the osDict.

Keywords

P2NMAP-Capture
P2NMAP-Analyze
P2NMAP-PCAP-Extractor
PCAP
dpkt
truth table
TTL
TOS
DF
Window Size
SYN
IP
Port

“It is by doubting that we come to investigate, and by investigating that we recognize the truth.”

Peter Abelard
