Saturday, January 10, 2009

EDHCPFingerprint & EFFormat

As mentioned previously we've been busy recently on the fingerprint files. Jeff of enterasys has been quite busy on 2 programs this past month.

EDHCPFingerprint - reads in the dhcp.xml file and an exported tcpdump file of bootp packets in text format and will determine the OS based on that. It also has some other cool export features.

EFFormat - reads in all the .xml files that I have built for satori (some that I'm not even using yet) and allows you to modify them. I have a built in version in Satori that sorta did this, but nothing as nice!

Both programs can be found at Enterasys Tools page.

Due to all the recent work on these files we of course found and cleaned up a lot of old fingerprints that were inaccurate or did not provide enough info anymore. There has also been a few new fingerprints added. So the fingerprinting based on DHCP should be more accurate.

No comments: