1 #ifndef ETTERCAP_FINGERPRINT_H
2 #define ETTERCAP_FINGERPRINT_H
3 
4 EC_API_EXTERN int fingerprint_init(void);
5 EC_API_EXTERN int fingerprint_search(const char *f, char *dst);
6 EC_API_EXTERN void fingerprint_default(char *finger);
7 EC_API_EXTERN void fingerprint_push(char *finger, int param, int value);
8 EC_API_EXTERN u_int8 TTL_PREDICTOR(u_int8 x);
9 EC_API_EXTERN int fingerprint_submit(char* host, char* page, const char *finger, const char *os);
10 
11 #define DEFAULT_HOST "https://www.ettercap-project.org"
12 #define DEFAULT_PAGE "fingerprint.php"
13 
14 /*
15  *  The fingerprint database has the following structure:
16  *
17  *  WWWW:MSS:TTL:WS:S:N:D:T:F:LEN:OS
18  *
19  *  WWWW: 4 digit hex field indicating the TCP Window Size
20  *  MSS : 4 digit hex field indicating the TCP Option Maximum Segment Size
21  *        if omitted in the packet or unknown it is "_MSS"
22  *  TTL : 2 digit hex field indicating the IP Time To Live
23  *  WS  : 2 digit hex field indicating the TCP Option Window Scale
24  *        if omitted in the packet or unknown it is "WS"
25  *  S   : 1 digit field indicating if the TCP Option SACK permitted is true
26  *  N   : 1 digit field indicating if the TCP Options contain a NOP
27  *  D   : 1 digit field indicating if the IP Don't Fragment flag is set
28  *  T   : 1 digit field indicating if the TCP Timestamp is present
29  *  F   : 1 digit ascii field indicating the flag of the packet
30  *        S = SYN
31  *        A = SYN + ACK
32  *  LEN : 2 digit hex field indicating the length of the packet
33  *        if irrilevant or unknown it is "LT"
34  *  OS  : an ascii string representing the OS
35  */
36 
37 
38 enum {
39    FINGER_LEN = 28,
40    OS_LEN     = 60,
41    HOST_LEN   = 100,
42    PAGE_LEN   = 100,
43    FINGER_WINDOW     = 0,
44    FINGER_MSS        = 5,
45    FINGER_TTL        = 10,
46    FINGER_WS         = 13,
47    FINGER_SACK       = 16,
48    FINGER_NOP        = 18,
49    FINGER_DF         = 20,
50    FINGER_TIMESTAMP  = 22,
51    FINGER_TCPFLAG    = 24,
52    FINGER_LT         = 26,
53 };
54 
55 /*
56  * the structure for passive information
57  * carried by PO
58  */
59 
60 struct passive_info {
61    char fingerprint[FINGER_LEN+1];
62    char flags;
63       #define FP_UNKNOWN         0  /* this happen reading form a file */
64       #define FP_HOST_LOCAL      1
65       #define FP_HOST_NONLOCAL   1<<1
66       #define FP_GATEWAY         1<<2
67       #define FP_ROUTER          1<<3
68 };
69 
70 
71 #endif
72 
73 /* EOF */
74 
75 // vim:ts=3:expandtab
76 
77