On Fri, 26 Jan 2007, Giampaolo Tomassoni wrote:
> Why does the p0f-analyzer.pl script exists?
>
> I see that the p0f tool is capable of caching a
specified amount of request, and then reply to queries
issues through a unix socket.
>
> This in native C-language, which often means reduced
size and increased performance with respect to perl's
p0f-analyzer.pl.
>
> Giampaolo.
If I understand correctly, when you are running p0f with -Q
(unix socket)
option, there is no easy way to get the tcp source port and
put it in
the query packets to get the correct cached result. I don't
know if there
is MTA or smtp implementation to cache smtp client tcp
source port.
Vincent
http://bl0g.blogdns.com
------------------------------------------------------------
-------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the
chance to share your
opinions on IT & business topics through brief surveys -
and earn cash
http://www.techsay.com/default.
php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-user lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
|