View previous topic :: View next topic |
Author |
Message |
Rottz Just Arrived
Joined: 29 Mar 2003 Posts: 3 Location: East Coast, USA
|
Posted: Thu Apr 24, 2003 8:06 pm Post subject: Packet Peekers |
|
|
Packet Peekers
BY Marcus Ranum
Packet analyzers give you a worm's-eye view of what's traversing your network
Quote: |
Before installing a sniffer, make sure you get authorization. Sniffers allow you to monitor all plaintext traffic traversing the network--including people's passwords, favorite Web sites and personal communications. In some states, employees have to acknowledge in writing that their communications may be monitored. In any case, make sure you're covered legally and procedurally. |
source: http://www.infosecuritymag.com/2003/apr/cooltools.shtml
Additional Links:
TCPDump
Ethereal
EtherApe
NGrep
Snort
|
|
Back to top |
|
|
alt.don SF Boss
Joined: 04 Mar 2003 Posts: 16777079
|
Posted: Thu Apr 24, 2003 8:36 pm Post subject: |
|
|
Yup, yup you gotta love the sniffers. Though as seen NGrep is just a network regex tool. Check out the below noted url for a packet sniffer that does not require libpcap. Nice tool for pen testing. http://www.nextgenss.com/software/ngssniff.html
|
|
Back to top |
|
|
Guest
|
Posted: Thu Apr 24, 2003 9:26 pm Post subject: |
|
|
How about DugSongs DSniff? Does it get easier than that? On the other hand, that tool is pretty invasive in the sense that it is made for sniffing passwords etc on the wire...
If you want a laugh, go one directory up and see what DMCA brings us
|
|
Back to top |
|
|
delete852 Just Arrived
Joined: 19 Nov 2002 Posts: 4 Location: Washington DC
|
Posted: Thu Apr 24, 2003 9:34 pm Post subject: |
|
|
You can use an intrustion detection system as a sniffer right. I mean I can do something liked
snort -dev > networklogs.txt
right? And it would the same thing, do sniffers offer ability to search for passwords specifically? Hmm, maybe you can make an alert that goes something like
variable="girlfriends', boyfriends, mom's, dad's email goes here"
alert tcp any any -> any any ( content: "$variable"; msg:"Password Found"
And it will be in your alert file, what do you think?
|
|
Back to top |
|
|
Rottz Just Arrived
Joined: 29 Mar 2003 Posts: 3 Location: East Coast, USA
|
Posted: Thu Apr 24, 2003 11:24 pm Post subject: |
|
|
delete852 wrote: |
And it will be in your alert file, what do you think? |
Yeh, Snort is very good for quick/custom rules to capture packets of interest. Like you can use snort to capture IRC convos to see if you spouse/girlfriend is messing with around behind your back. oh, not that I would know anything about that!
As chr0me said, dsniff is pretty good, it can pick up passwords with webspy, and the other suite of tools included.
Doug also has some good papers like
"Passwords Found on a Wireless Network", D. Song, USENIX Technical Conference WIP, its in postscript format.
Other good articles on dsniff are Network Monitoring with Dsniff and dsniff and SSH are very interesting.
|
|
Back to top |
|
|
|