p0f is a "tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way."
This sensor can be deployed using the
Ubuntu - p0f deploy script, found in MHN's Deploy page. The script provided supports installation on Ubuntu 14.04 and 16.04 systems. To avoid installation errors, it is highly recommended you make sure the host system is fully up-to-date before running the deploy script.