Disco v1.2 Passive Fingerprinting

From: Preston <p(at)altmode.com>
Date: Wed Jul 09 2003 - 12:30:54 EDT

Release v1.2 of Disco - Passive IP Discovery and fingerprinting tool available for download.

Disco is a passive IP discovery utility designed to uniquely identify source IPs and fingerprint TCP SYN and now TCP SYNACK packets for host OS.

Disco Features

• Uniquely identify source IPs on the network
• Toggle discovery of only TCP SYN or SYNACK packets and fingerprint
• Ability to toggle fingerprint on/off
• Output data to a flat text file
• Define TCPDUMP style rules to filter on a subnet or range of IPs
• Able to turn "uniqueness" off when fingerprinting for fingerprinting all TCP SYN or SYNACK packets
• Parse a previously saved TCPDUMP file through DISCO
• Option to add a system timestamp to output file
• Pipe output to another program
• New v1.2 Option to fingerprint SYNACK packets
• New v1.2 Option to output more verbose fingerprint info to outfile
• New v1.2 Added a ton of new fingerprints (1214 SYN/SYNACK fingerprints total)

See http://www.altmode.com/disco for download

Thanks,
Preston

---

The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn more.

---

Received on Wed Jul 9 13:42:27 2003