fingerprint – Host Fingerprinting

March 26, 2020

Passive OS fingerprinting is installed as part of the Policy Tools suite. This functionality yields information about inbound connections. For more information about installing the Policy Tools suite, see “Installing Partner Modules”.

The Host Fingerprint module performs passive OS fingerprinting based on the incoming SMTP connections.

Momentum uses version 2.0.8 of Passive OS fingerprinting.

Configuration

fingerprint "fingerprint1" {
  max_cache_size = 10000
}
max_cache_size

The max_cache_size option specifies the maximum size of the cache of common hosts. The default value is 10000.

Passive operating system fingerprinting runs as a daemon that Momentum communicates with over a socket, /tmp/p0fd. This daemon is started using the command: /etc/init.d/msys-p0f start . The fingerprints are all included in the msys-p0f package and are located in /opt/msys/3rdParty/etc/p0f/. These fingerprints do not need to be modified.