Eric
It looks like you've added some pcapng support over the years and even have some tests built, but I'm not having any luck using it even with pcapng from your...
This code was written and initially based off my understanding of p0f v1 back in the early 2000's: - Quirks section is usually an empty list ('.') of oddities or...
pcapng - so it does appear that pypacker has a pcapng.py file: https://gitlab.com/mike01/pypacker/-/blob/master/pypacker/pcapng.py and someone did one example here on how the reader works: https://github.com/mike01/pypacker/pull/8 So yeah if pypacker has...
As for the TCP syntax, the format is based on p0f v1 format. Here is a really old paper I wrote on OS fingerprinting: https://dl.packetstormsecurity.net/papers/general/OSFingerPrint.pdf Page 21 or so, look...
pcapng - attempted to get what is in pypacker to work tonight and it errors out. Have query in on pypacker GitHub to see if ever actually implemented.
So at this time pypacker isn't going to support it, but I'll look into other options to support it if/when I get a chance.
> Hi, Can we somehow process pcapng file directly with satori without converting it into pcap first?

So how much do you want to be able to process pcapng files?...
I've used pyshark in other products so it may be an option, but since there haven't been any other requests to date on this and there are ways to convert...
May reopen at a later date if there is actual push to support this, but as it has been 3 years since originally requested with minimal additions, closing for now.
Typically TTLs: 255, 128, 64. There are some one-offs for sure like 16, 32 (old Windows and other devices from the 90's), and 60 that are the starting TTL...