Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Passive (p0f) OS fingerprinting in 2.3 vs 1.2.3

    Scheduled Pinned Locked Moved General pfSense Questions
    1 Posts 1 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      superkuh
      last edited by

      Hi. Up until 2010 or so I used pfsense 1.2.3 and really enjoyed that it used p0f for passive OS fingerprinting of all entries in the states list. It even did geoip lookups and made that information available there too. Today I installed pfsense 2.3.2 on a little Zotac CI-323 box to use as a firewall. I expected it to have the same features since the website still has a feature entry about it in https://www.pfsense.org/about-pfsense/features.html ,

      pfSense software utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? pfSense software allows for that (amongst many other possibilities) by passively detecting the Operating System in use.

      And links to p0f at http://lcamtuf.coredump.cx/p0f.shtml.

      But I can't for the life of me find the option to view or enable this feature in pfsense 2.3.2. I asked on Freenode's ##pfsense but people there thought it had been removed with other L7 fingerprinting features.

      Can anyone tell me how to enable p0f so the states page shows guesses? Or where this feature has been moved now?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.