Collection of utilities to aid in sniffing network data.
These programs require:
Built and tested on OpenBSD, Linux, Solaris, and WIN32!. YMMV.
- dsniff
-
simple password sniffer. handles FTP, Telnet, HTTP, POP, NNTP,
IMAP, SNMP, LDAP, Rlogin, NFS, SOCKS, X11, IRC, AIM, CVS, ICQ,
Napster, Citrix ICA, Symantec pcAnywhere, NAI Sniffer,
Microsoft SMB, and Oracle SQL*Net auth info. goes beyond most
sniffers in that it minimally parses each application
protocol, only saving the "interesting" bits. uses Berkeley DB
as its output file format, logging only unique auth
info. supports full TCP/IP reassembly, courtesy of libnids
(all of the following tools do, as well).
- mailsnarf
-
a fast and easy way to violate the Electronic Communications
Privacy Act of 1986 (18 USC 2701-2711), be careful. outputs
all messages sniffed from SMTP traffic in Berkeley mbox
format, suitable for offline browsing with your favorite mail
reader (mail -f, pine, etc.).
- urlsnarf
-
output all requested URLs sniffed from HTTP traffic in CLF
(Common Log Format, used by almost all web servers), suitable
for offline post-processing with your favorite web log
analysis tool (analog, wwwstat, etc.).
- webspy
-
sends URLs sniffed from a client to your local Netscape
browser for display, updated in real-time (as the target
surfs, your browser surfs along with them, automagically).
a fun party trick. :-)
future work: filesnarf (NFS, SMB, AFS), msgsnarf (ICQ, AIM, IRC),
screenspy (x11, VNC)
(don't hold your breath)
<[email protected]>
[ Original Site ]
|
