p0f
p0f support is here!
p0f is required to run NU-Honeypot, using p0f we are able to detect details about the attackers passively.
we forked the recommended version of p0f and you can clone it by running:
git clone https://bitbucket.org/securenucleon/p0f.git
cd p0f
./build.sh
copy p0f executable to the place you want.
run p0f in the background using a socket:
p0f -s /var/run/p0f.sock -d -o /var/log/p0f.log -f /etc/p0f/p0f.fp
(make sure you point to the right paths , specially the p0f.fp file)
if build.sh is complaining about missing libpcap run:
apt-get install libpcap-dev -y
and re run ./build.sh
Updated less than a minute ago