Satoril
Description
Satoril is the Linux version of Satori, a passive OS fingerprinting tool, written by Eric Kollmann.
Installation
# mkdir -p /usr/local/src/satoril
# cd /usr/local/src/satoril/
# wget http://myweb.cableone.net/xnih/download/satoril.tar.gz
# gzip -cd satoril.tar.gz | tar xvf -
Usage
Basic usage
# ./satoril -i eth1 -p all
Options
-h, -help [this help screen]
-i, -interface [to bind to an interface name (do not bind to int number)]
-f, -file [read in a pcap file]
-a, -listall [to list available interfaces]
-d, -debug [provide extra info in the output]
-p, -plugin [which type of traffic you want to monitor]
-u, -unique [only show device if it is the first time that "fingerprint" has shown up]
[all] [dhcp,tcp,ettercap,p0f] (no spaces allowed) ["dhcp tcp ettercap p0f"]
Example
# ./satori -i eth1 -p all
Version: 0.1.2 -> 2009-09-09
binding to interface: eth1
Data Link Type: (1) EN10MB
Version: libpcap version 1.0.0
192.168.**.**;00:26:82:**:**:**;DHCP;Ubuntu 9 [5]; Debian 5 [5];
192.168.**.**;00:50:8B:**:**:**;DHCP;
192.168.**.**;00:26:82:**:**:**;TCP;
192.168.**.**;00:26:82:**:**:**;Ettercap;Linux 2.4.18 [5];
192.168.**.**;00:26:82:**:**:**;p0f;Linux 2.6? (barebone, rare!) [5];
192.168.**.**;00:50:8B:**:**:**;TCP;Linux 2.4.x [5];
192.168.**.**;00:50:8B:**:**:**;Ettercap;Linux 2.4.xx [5];
192.168.**.**;00:50:8B:**:**:**;p0f;Linux recent 2.4 (2) [5];
192.168.**.**;00:26:82:**:**:**;TCP;
192.168.**.**;00:26:82:**:**:**;Ettercap;Linux 2.4.18 [5];
192.168.**.**;00:26:82:**:**:**;p0f;Linux 2.6? (barebone, rare!) [5];
192.168.**.**;00:50:8B:**:**:**;TCP;Linux 2.4.x [5];
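The output above is one semicolon-separated record per observation: IP, MAC, plugin, then zero or more guesses, each followed by a bracketed number. As an added example (not part of Satoril or the original page), this Python script groups those records per MAC address for an asset inventory; the field layout is inferred from the sample output, the addresses are constructed, and the bracketed number is kept as an opaque integer.

```python
import re
from collections import defaultdict

# One guess looks like "Linux 2.4.18 [5]": a label followed by a bracketed number.
GUESS_RE = re.compile(r"^(?P<label>.+?)\s*\[(?P<num>\d+)\]$")
PLUGINS = {"DHCP", "TCP", "Ettercap", "p0f"}  # plugin names as printed in the output

def parse_line(line):
    """Return (ip, mac, plugin, [(label, num), ...]) or None for banner lines."""
    fields = [f.strip() for f in line.strip().split(";")]
    if len(fields) < 3 or fields[2] not in PLUGINS:
        return None
    guesses = []
    for field in fields[3:]:
        m = GUESS_RE.match(field)
        if m:  # the empty field after the trailing ';' is skipped here
            guesses.append((m.group("label"), int(m.group("num"))))
    return fields[0], fields[1], fields[2], guesses

def summarize(lines):
    """Group guesses per MAC address and plugin, collapsing repeated records."""
    hosts = defaultdict(lambda: defaultdict(set))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        _ip, mac, plugin, guesses = rec
        # A plugin that saw the host but matched nothing still gets an empty entry.
        hosts[mac.upper()][plugin].update(guesses)
    return {mac: {p: sorted(g) for p, g in plugins.items()}
            for mac, plugins in hosts.items()}

# Constructed sample: documentation-range IPs and MACs, guess strings as on the page.
SAMPLE = """\
Version: 0.1.2 -> 2009-09-09
binding to interface: eth1
192.0.2.10;00:00:5E:00:53:01;DHCP;Ubuntu 9 [5]; Debian 5 [5];
192.0.2.10;00:00:5E:00:53:01;TCP;
192.0.2.10;00:00:5E:00:53:01;p0f;Linux 2.6? (barebone, rare!) [5];
192.0.2.20;00:00:5E:00:53:02;DHCP;
192.0.2.20;00:00:5E:00:53:02;TCP;Linux 2.4.x [5];
192.0.2.20;00:00:5E:00:53:02;TCP;Linux 2.4.x [5];
""".splitlines()

if __name__ == "__main__":
    for mac, plugins in summarize(SAMPLE).items():
        print(mac, plugins)
```

Hosts where the plugins disagree, or where a plugin returns an empty list, are the ones worth checking by hand against the inventory.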