Skip to content

Duckulus/syn-sniff

BranchesTags

Repository files navigation

syn-sniff

Support Discord Maven Central Version GitHub Actions Workflow Status

A plugin for Paper and Velocity that passively sniffs TCP/IP SYN packets to give deeper insight into player connections. This can be used to reveal information such as the Operating System or VPN.

Requirements

  • Java 21
  • pcap native library (libpcap, WinPcap, Npcap)
  • Administrator privileges or Capabilities (Linux)

Usage

Command Description Permission
/fingerprint <player> View raw TCP/IP fingerprint info synsniff.command-fingerprint
/predictos <player> Show the predicted operating system synsniff.command-predictos

Demo

Demo

Installation (Without proxy)

First make Sure you meet all the Requirements

If you run a single Paper server which is not running behind any proxy, follow these instructions to install the plugin. Otherwise, view Installation (proxy)

  1. Download the latest Jar ending in -paper from the Releases page.
  2. Place the .jar into your servers plugins/ directory
  3. Start the server once to generate the default config
  4. Open plugins/SynSniff/config.yml and configure the plugin
  5. Restart the Server

⚠️ Important: In your config, you must set the correct network interface for your system. This is required for the plugin to work! You can find interface names using
ip link show (Linux/macOS) or netsh interface show interface (Windows). You should use the interface your server uses to connect to the internet or local network.

Installation (proxy)

First make Sure you meet all the Requirements

If your servers run behind a Velocity proxy, follow these instructions to install the plugin. Otherwise, view Installation (Without proxy)

  1. Download the latest Jar ending in -velocity from the Releases page.
  2. Place the .jar into your servers plugins/ directory
  3. Start the server once to generate the default config
  4. Open plugins/syn-sniff/config.yml and configure the plugin
  5. Restart the Server

⚠️ Important: In your config, you must set the correct network interface for your system. This is required for the plugin to work! You can find interface names using
ip link show (Linux/macOS) or netsh interface show interface (Windows). You should use the interface your server uses to connect to the internet or local network.

Developer API

We provide a simple API for plugin developers to access fingerprinting data.

Check out the Wiki for detailed documentation on installation and usage of the API.

Todo

This project is under active development and there is plenty of room to contribute.

Below is a list of stuff that still needs to be done:

  • More sophisticated OS prediction using more sample Records
  • Support for IPv6
  • Optional Persistence of Fingerprints
  • Velocity Support
  • More modular code structure possibly supporting different kinds of servers
  • API for plugin devs

About

Passive TCP/IP stack fingerprinting for minecraft

Resources

Readme

License

MIT license
Activity

Stars

27 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 2

v1.1 Added Velocity Support Latest
Jul 23, 2025
+ 1 release

Packages

No packages published

Languages