Hi,
I've just released a free opensource tool at
I was finding situations where I was often having to trawl through large packet capture files (not fun in late-night incident response), so I knocked something together to help with the forensics triage and identify machines and fingerprint them if possible. I've been using it to focus my analysis in tools like NetworkMiner or NetWitness.
Once that was done it was reasonably easy to build a "portscanning without sending packets" tool.
Anyway it's still early in development, and I'm very keen to hear any feedback or suggestions for the tool.
Thanks!
Chris
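Added example (my own illustration for this thread, not code from Chris's tool): a minimal Python script that does the "portscanning without sending packets" triage the post describes. It parses a classic libpcap file with only the standard library, identifies hosts from the ARP broadcasts they emit, and infers open/closed TCP ports from the SYN/ACKs and RST/ACKs already in the capture, so nothing is transmitted. The capture, MAC addresses and IP addresses are constructed inline for the demo and are not real traffic.

```python
"""Passive host and port discovery from a pcap: nothing is transmitted, only observed."""
import struct
from collections import defaultdict

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10
BROADCAST_MAC = b"\xff" * 6


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def iter_pcap_frames(data):
    """Yield the link-layer bytes of every record in a classic libpcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap (pcapng/nanosecond variants not handled)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def analyse(pcap_bytes):
    """Map each IP seen to its MACs, how it was spotted, and ports proven open/closed."""
    hosts = defaultdict(lambda: {"macs": set(), "evidence": set(),
                                 "open_ports": set(), "closed_ports": set()})
    pending_syn = set()  # (client_ip, client_port, server_ip, server_port) awaiting a reply
    for frame in iter_pcap_frames(pcap_bytes):
        if len(frame) < 14:
            continue
        src_mac = mac_str(frame[6:12])
        etype = struct.unpack("!H", frame[12:14])[0]
        is_bcast = frame[:6] == BROADCAST_MAC
        if etype == ETH_ARP and len(frame) >= 42:
            # ARP sender fields are a self-declared (MAC, IP) binding; requests go to broadcast.
            h = hosts[ip_str(frame[28:32])]
            h["macs"].add(mac_str(frame[22:28]))
            h["evidence"].add("arp-broadcast" if is_bcast else "arp-unicast")
        elif etype == ETH_IPV4 and len(frame) >= 34:
            ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
            sip, dip = ip_str(frame[26:30]), ip_str(frame[30:34])
            hosts[sip]["macs"].add(src_mac)
            hosts[sip]["evidence"].add("ipv4-src")
            tcp = frame[14 + ihl:]
            if proto != 6 or len(tcp) < 20:
                continue
            sport, dport = struct.unpack("!HH", tcp[:4])
            flags = tcp[13]
            if (flags & (TCP_SYN | TCP_ACK)) == TCP_SYN:
                pending_syn.add((sip, sport, dip, dport))
            elif (flags & (TCP_SYN | TCP_ACK)) == (TCP_SYN | TCP_ACK):
                # A SYN/ACK can only come from a listening socket: (sip, sport) is open.
                hosts[sip]["open_ports"].add(sport)
            elif (flags & (TCP_RST | TCP_ACK)) == (TCP_RST | TCP_ACK):
                # Count RST/ACK as "closed" only when we saw the SYN it answers;
                # a reset mid-connection would otherwise be misread as a closed port.
                if (dip, dport, sip, sport) in pending_syn:
                    hosts[sip]["closed_ports"].add(sport)
    return dict(hosts)


# ---- constructed sample capture (demo data, not real traffic) ---------------
MAC_A, MAC_B, MAC_C = (bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b"),
                       bytes.fromhex("02000000000c"))
IP_A, IP_B, IP_C = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]), bytes([10, 0, 0, 9])


def _eth(dst, src, etype, payload):
    return dst + src + struct.pack("!H", etype) + payload


def _arp(op, sha, spa, tha, tpa):
    return struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, op) + sha + spa + tha + tpa


def _tcp(sip, dip, sport, dport, flags):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, sip, dip)
    return ip + tcp  # checksums left zero: the parser never validates them


def build_sample_capture():
    frames = [
        _eth(BROADCAST_MAC, MAC_A, ETH_ARP, _arp(1, MAC_A, IP_A, b"\0" * 6, IP_B)),
        _eth(MAC_A, MAC_B, ETH_ARP, _arp(2, MAC_B, IP_B, MAC_A, IP_A)),
        _eth(MAC_B, MAC_A, ETH_IPV4, _tcp(IP_A, IP_B, 40000, 22, TCP_SYN)),
        _eth(MAC_A, MAC_B, ETH_IPV4, _tcp(IP_B, IP_A, 22, 40000, TCP_SYN | TCP_ACK)),
        _eth(MAC_B, MAC_A, ETH_IPV4, _tcp(IP_A, IP_B, 40001, 23, TCP_SYN)),
        _eth(MAC_A, MAC_B, ETH_IPV4, _tcp(IP_B, IP_A, 23, 40001, TCP_RST | TCP_ACK)),
        _eth(MAC_A, MAC_C, ETH_IPV4, _tcp(IP_C, IP_A, 443, 40002, TCP_SYN | TCP_ACK)),
    ]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records
```

Run `analyse(open("capture.pcap", "rb").read())` on a real Ethernet pcap (or `analyse(build_sample_capture())` for the demo) and you get 10.0.0.1 with port 22 open and 23 closed, 10.0.0.9 with 443 open, and 10.0.0.5 identified purely from its ARP broadcast. The RST/ACK rule deliberately requires a preceding SYN in the capture, otherwise resets from torn-down connections would be reported as closed ports; a SYN/ACK is accepted on its own because only a listener produces one.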
Having designed this, how do you think it would compare to p0f?
http//
So I've gone down exploiting broadcast messages exclusively - that was due to some of the data protection issues I've faced during pentests - trying to minimize amount collected - especially from WiFi sniffers like Kismet (I've been using this tool on the back of Kismet files).
p0f looks great, I'll have a play with it )