Application layer protocol (client-server) - Transfers information using headers ! “allows the client to pass additional information about the request, and about the client itself, to the server”! - RFC2616!
p0f: Considerations ! - Examines at the application and transport layers - Struggles to reliably detect the host OS - Relies on the spoof-ability of the malware author - Identiﬁes malicious behavior fairly well - No tool or tool set will ever be 100% accurate!