$Id: README,v 1.3 2003/04/22 19:59:56 fygrave Exp $
--
    Xprobe2 is a fuzzy remote OS fingerprinting tool. Xprobe2
    functionality is heavily based on Xprobe, but it also uses other OS
    fingerprinting techniques and is based on a signature base, which is
    matched in a fuzzy manner. Xprobe2 has been completely rewritten from
    scratch in C++.



[*] License
    -------

    Xprobe2 is distributed under the GNU license. See COPYING for more details.
        

[*] Requirements:
    ------------

* You will need a C++ compiler (gcc will do).

* You will need the libusi++ library. If you don't have it yet, get it
from http://www.cs.uni-potsdam.de/homepages/students/linuxer/libs/
(a copy is available from http://www.notlsd.net too).

* You will need libpcap. (Use version 0.6.x or later if you are using Linux;
timeouts are broken in earlier versions.) If libpcap is not installed in the
standard path, use the --with-libpcap-libraries=/path/ and
--with-libpcap-includes=/path options.

[*] Supported platforms:
    --------------------

The tool has been successfully compiled and tested on the following platforms:

FreeBSD 4.x (primary development platform)
Linux 2.0.x, 2.2.x, 2.4.x
Solaris 2.x
OpenBSD 2.x
NetBSD 1.4.x, 1.5.x
IRIX (with SGI freeware libpcap, http://freeware.sgi.com/, native SGI
compiler).

[*] Platforms which we are able to fingerprint:
    -------------------------------------------

See etc/xprobe2.conf

[***]

[*] How to install:
    ---------------

tar xvfz xprobe2-{release}.tar.gz
cd xprobe2-{release}
./configure
(or ./configure --with-libpcap-libraries=/usr/local/lib --with-libpcap-includes=/usr/local/include)
make
make install

Send complaints to fygrave@tigerteam.net if the compilation breaks. (Use
--enable-debug to track/report errors.)

[*] How to use:
    -----------

See the manual for details. A quick hint:

xprobe2 [options] [-c path/to/xprobe2.conf] hostname[/netmask] (and watch the output). :)

available options:

-h [guess?!] :)
-v be verbose


[*] Architecture
    ------------

Xprobe2 consists of 2 major parts: the core fingerprinting engine, which
includes the fuzzy signature matching engine, signature processing and the
packet caching module, and generally interfaces between the modules;
and the tests, which are presented as (external) (soon will be ;-)) dynamically
loadable shared modules.

The core module has no idea about the signatures nor how they are
applied to received packets. Please see the fuzzy_fingerprinting paper in
docs for details.

Xprobe2 modules are supposed to provide routines for signature element
parsing for each module, module names, initialisation routines, module
execution routines, module deinitialisation signatures and other
specific information. Please see API for details on modules.
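
An added sketch of this split (not Xprobe2's code or API; every name, the
two signature elements, their values and the 0-3 score scale are assumptions
made for illustration): each test module parses and scores its own signature
element, and the core only sums the scores per OS.

```cpp
#include <algorithm>
#include <map>
#include <memory>
#include <string>
#include <vector>
// All names here are hypothetical; this is not Xprobe2's module API.
enum Match { NO = 0, PROBABLY_NO = 1, PROBABLY_YES = 2, YES = 3 };
struct Reply { int ttl; int tos; };  // constructed fields of one probe reply

// A test module owns its signature element: it parses it and scores a reply.
struct TestModule {
    virtual ~TestModule() {}
    virtual void parse(const std::string& os, const std::string& value) = 0;
    virtual Match run(const std::string& os, const Reply& r) const = 0;
};
struct TtlModule : TestModule {   // element value: assumed initial TTL
    std::map<std::string, int> initial;
    void parse(const std::string& os, const std::string& v) override { initial[os] = std::stoi(v); }
    Match run(const std::string& os, const Reply& r) const override {
        int lost = initial.at(os) - r.ttl;  // hops the reply would have crossed
        // TTL never grows in transit; a large loss is unlikely, not impossible.
        return lost < 0 ? NO : (lost <= 32 ? YES : PROBABLY_NO);
    }
};
struct TosModule : TestModule {   // element value: "0" or "!0"
    std::map<std::string, bool> zero;
    void parse(const std::string& os, const std::string& v) override { zero[os] = (v == "0"); }
    Match run(const std::string& os, const Reply& r) const override { return zero.at(os) == (r.tos == 0) ? YES : PROBABLY_NO; }
};
using Ranking = std::vector<std::pair<std::string, int> >;

// The core sums module scores per OS and sorts; it never reads signature values.
Ranking rank_oses(const std::vector<std::unique_ptr<TestModule> >& mods,
                  const std::vector<std::string>& oses, const Reply& r) {
    Ranking out;
    for (const auto& os : oses) {
        int total = 0;
        for (const auto& m : mods) total += m->run(os, r);
        out.emplace_back(os, total);
    }
    std::stable_sort(out.begin(), out.end(),
        [](const Ranking::value_type& a, const Ranking::value_type& b) { return a.second > b.second; });
    return out;
}
Ranking demo() {  // constructed signature values and reply, not from xprobe2.conf
    std::vector<std::unique_ptr<TestModule> > mods;
    mods.emplace_back(new TtlModule); mods.emplace_back(new TosModule);
    mods[0]->parse("os_a", "64");  mods[1]->parse("os_a", "0");
    mods[0]->parse("os_b", "255"); mods[1]->parse("os_b", "!0");
    return rank_oses(mods, {"os_a", "os_b"}, Reply{57, 0});
}
```

Because no single mismatch scores as a hard rejection of the whole signature,
"os_b" stays in the ranking with a low total instead of being dropped.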

[*] Docs & Updates
    --------------

http://www.sys-security.com/html/projects/X.html

[*] Other related webpages
    ----------------------

http://www.notlsd.net/xprobe/
http://www.sourceforge.net/projects/xprobe/
http://xprobe.sourceforge.net/

[*] Where to mail bugs/questions/ideas/patches/fixes:
    -------------------------------------------------

 Fyodor Yarochkin <fygrave@tigerteam.net>  Ofir Arkin <ofir@sys-security.com>
 http://www.notlsd.net                     The Sys-Security Group
                                           http://www.sys-security.com
                                   
[*] Flames:
    -------

/dev/null                                   
