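# libosfp

Libosfp is a C library for OS fingerprinting.

## install

```sh
# osfp_example depends on libpcap
yum install -y libpcap-devel

# build and install to ./target
./autogen.sh; ./configure --prefix="$(pwd)/target"; make clean; make install
```

## run example

```sh
# load the fingerprint file ./fp.json and capture on eth0, filter tcp port 8888
./target/bin/osfp_example -f ./fp.json -i eth0 "tcp port 8888"

# outputs like this
# --------------------------- SYN
# Example ipv4 header detect: --------------------------
# Connection info: 114.64.231.114:57570 -> 172.21.0.10:8888
# Most likely os class: Windows
# Details:
# {
#     "likely": {
#         "name": "Windows",
#         "score": 20
#     },
#     "detail": [{
#         "name": "Windows",
#         "score": 20
#     }, {
#         "name": "Linux",
#         "score": 10
#     }, {
#         "name": "Mac OS",
#         "score": 1
#     }, {
#         "name": "iOS",
#         "score": 0
#     }, {
#         "name": "Android",
#         "score": 7
#     }]
# }
```

## sample

```c
#include <stdio.h>
#include "osfp.h"

/*
 * Fixed test vectors: one IPv4 header (20 bytes) and one TCP SYN header with
 * options (32 bytes). They are declared unsigned because several byte values
 * exceed 0x7f and would not fit a signed char.
 */
unsigned char iph[] = {
    0x45, 0x00, 0x00, 0x34, 0x51, 0xc4, 0x40, 0x00,
    0x80, 0x06, 0xe7, 0x27, 0xc0, 0xa8, 0x73, 0x08,
    0x6a, 0xb9, 0x23, 0x6e
};

unsigned char tcph[] = {
    0xc1, 0xbd, 0x00, 0x50, 0x3d, 0x58, 0x51, 0x60,
    0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x20, 0x00,
    0x3d, 0x3a, 0x00, 0x00, 0x02, 0x04, 0x04, 0xec,
    0x01, 0x03, 0x03, 0x08, 0x01, 0x01, 0x04, 0x02
};

/*
 * Load the fingerprint database, identify the OS behind the sample SYN and
 * print the most likely OS name plus the per-OS score detail.
 *
 * Returns 0 when the database was loaded, 1 when it could not be loaded.
 */
int main(int argc, char **argv)
{
    const char *json_file_path = "./fp.json";

    /*
     * The buffers above are constants of known size. When the bytes come from
     * a live capture instead, confirm that the captured length covers the
     * IPv4 header and the whole l4_hdr_len before casting and calling the
     * library; whether the library re-validates these lengths is not shown
     * in this sample.
     */
    struct iphdr *l3_hdr = (struct iphdr *)iph;
    struct tcphdr *l4_hdr = (struct tcphdr *)tcph;
    size_t l4_hdr_len = sizeof(tcph);

    (void)argc;
    (void)argv;

    struct osfp_db *db = osfp_db_new(json_file_path);
    if (!db) {
        fprintf(stderr, "failed to load fingerprint file: %s\n", json_file_path);
        return 1;
    }

    struct osfp_result *result = osfp_ipv4_identify(db, l3_hdr, l4_hdr, l4_hdr_len);
    if (result) {
        printf("likely os: %s\n", osfp_result_os_name_get(result));
        printf("details: \n%s\n", osfp_result_score_detail_export(result));
        /*
         * NOTE(review): neither the result nor the exported detail string is
         * released here; check osfp.h for the matching release calls before
         * reusing this pattern in a long-running process.
         */
    }

    /* Release the database on every path, not only when identification succeeded. */
    osfp_db_free(db);
    return 0;
}
```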