p0f

p0f support is here!

p0f is required to run NU-Honeypot. Using p0f, we are able to passively detect details about attackers.

We forked the recommended version of p0f; you can clone it by running:
git clone https://bitbucket.org/securenucleon/p0f.git

cd p0f
./build.sh

Copy the p0f executable to the place you want.

Run p0f in the background using a socket:

p0f -s /var/run/p0f.sock -d -o /var/log/p0f.log -f /etc/p0f/p0f.fp

(Make sure you point to the right paths, especially the p0f.fp file.)
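
To confirm the daemon is answering on the socket before starting NU-Honeypot, the following added example (not part of the original page or of the p0f project) queries it for one source address. It assumes the fork keeps the API layout from upstream p0f v3's api.h and the socket path from the command above; the function names are illustrative.

```python
import ipaddress
import socket
import struct
import sys

# Constants and layout from upstream p0f v3 api.h (assumed unchanged in the fork).
QUERY_MAGIC, RESP_MAGIC = 0x50304601, 0x50304602
STATUS = {0x00: "bad query", 0x10: "ok", 0x20: "no match"}
# 9 x u32 (magic, status, first_seen, last_seen, total_conn, uptime_min,
# up_mod_days, last_nat, last_chg), s16 distance, u8 bad_sw, u8 os_match_q,
# then six NUL-padded 32-byte strings. "=" means host byte order, no padding.
RESP_FMT = "=9IhBB32s32s32s32s32s32s"
RESP_LEN = struct.calcsize(RESP_FMT)  # 232 bytes
TEXT_KEYS = ("os_name", "os_flavor", "http_name", "http_flavor", "link_type", "language")

def build_query(ip):
    """Pack the 21-byte query: magic, address family (4 or 6), 16-byte address."""
    addr = ipaddress.ip_address(ip)
    return struct.pack("=IB16s", QUERY_MAGIC, addr.version, addr.packed)

def parse_response(data):
    """Validate length and magic, then return the fields useful for a sanity check."""
    if len(data) != RESP_LEN:
        raise ValueError(f"expected {RESP_LEN} bytes, got {len(data)}")
    fields = struct.unpack(RESP_FMT, data)
    if fields[0] != RESP_MAGIC:
        raise ValueError("unexpected response magic")
    out = {"status": STATUS.get(fields[1], "unknown"), "total_conn": fields[4], "distance": fields[9]}
    for key, raw in zip(TEXT_KEYS, fields[12:]):
        out[key] = raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return out

def query_p0f(ip, sock_path="/var/run/p0f.sock"):
    """Ask the running daemon what it has recorded for one source address."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(3)
        s.connect(sock_path)
        s.sendall(build_query(ip))
        buf = b""
        while len(buf) < RESP_LEN:
            chunk = s.recv(RESP_LEN - len(buf))
            if not chunk:
                break  # daemon closed early; parse_response reports the short read
            buf += chunk
    return parse_response(buf)

if __name__ == "__main__" and len(sys.argv) > 1:
    print(query_p0f(sys.argv[1]))
```

Pass an address that has recently connected to the host as the only argument; a status of "no match" means p0f has not yet seen traffic from it.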

If build.sh complains about a missing libpcap, run:
apt-get install libpcap-dev -y

and re-run ./build.sh