A network packet capture and analysis tool that detects operating systems and devices on a network using various fingerprinting methods.

• VLAN-aware packet capture
• Multiple OS detection methods:
  • DHCP fingerprinting
  • mDNS service detection
  • SSDP (UPnP) device detection
  • TCP SYN fingerprinting
  • OUI (MAC address) analysis
• Persistent storage using LMDB
• Automatic cleanup of old entries
• Detailed logging

• Python 3.8+
• Scapy
• LMDB
• msgspec

1. Clone the repository:

git clone https://github.com/yourusername/flood-os-detector.git cd flood-os-detector

2. Install dependencies:

uv pip install -r requirements.txt

Run the packet capture with:

sudo /home/tsuruoka/.local/bin/uv run main.py <interface> [--clear-db]

Example:

sudo /home/tsuruoka/.local/bin/uv run main.py eth0

To clear the existing database and start fresh:

sudo /home/tsuruoka/.local/bin/uv run main.py eth0 --clear-db

• main.py - Main packet capture and analysis script
• analyze.py - Analysis tools for captured data
• p0f_signatures.py - TCP SYN fingerprint signatures
• models.py - Data models and structures
• docs/ - Project documentation
• results/ - Analysis results and exports

Please read the development guidelines in docs/development/guidelines.md before contributing.

This project is licensed under the MIT License - see the LICENSE file for details.