Packet Peekers


Author: Rottz    Location: East Coast, USA    Posted: Thu Apr 24, 2003 8:06 pm    Post subject: Packet Peekers
    ----
Packet Peekers
BY Marcus Ranum
Packet analyzers give you a worm's-eye view of what's traversing your network
Quote:
Before installing a sniffer, make sure you get authorization. Sniffers allow you to monitor all plaintext traffic traversing the network--including people's passwords, favorite Web sites and personal communications. In some states, employees have to acknowledge in writing that their communications may be monitored. In any case, make sure you're covered legally and procedurally.

source: http://www.infosecuritymag.com/2003/apr/cooltools.shtml

Additional Links:
TCPDump
Ethereal
EtherApe
NGrep
Snort

Author: alt.don    Posted: Thu Apr 24, 2003 8:36 pm    Post subject:
    ----
Yup, yup, you gotta love the sniffers. Though, as seen, NGrep is just a network regex tool. Check out the URL noted below for a packet sniffer that does not require libpcap. Nice tool for pen testing. http://www.nextgenss.com/software/ngssniff.html

Author: Guest    Posted: Thu Apr 24, 2003 9:26 pm    Post subject:
    ----
How about Dug Song's DSniff? Does it get easier than that? ;) On the other hand, that tool is pretty invasive in the sense that it is made for sniffing passwords etc. on the wire...

If you want a laugh, go one directory up and see what DMCA brings us ;)

Author: delete852    Location: Washington DC    Posted: Thu Apr 24, 2003 9:34 pm    Post subject:
    ----
You can use an intrusion detection system as a sniffer, right? I mean, I can do something like

snort -dev > networklogs.txt

right? And it would do the same thing. Do sniffers offer the ability to search for passwords specifically? Hmm, maybe you can make an alert that goes something like

variable="girlfriends', boyfriends, mom's, dad's email goes here"
alert tcp any any -> any any ( content: "$variable"; msg:"Password Found";)

And it will be in your alert file, what do you think?

Author: Rottz    Location: East Coast, USA    Posted: Thu Apr 24, 2003 11:24 pm    Post subject:
    ----
delete852 wrote:
And it will be in your alert file, what do you think?

Yeh, Snort is very good for quick/custom rules to capture packets of interest. Like, you can use Snort to capture IRC convos to see if your spouse/girlfriend is messing around behind your back. Oh, not that I would know anything about that! :shock:
As chr0me said, dsniff is pretty good; it can pick up passwords with webspy and the other suite of tools included.
Dug also has some good papers like
"Passwords Found on a Wireless Network", D. Song, USENIX Technical Conference WIP; it's in PostScript format.
Other good articles on dsniff, "Network Monitoring with Dsniff" and "dsniff and SSH", are very interesting.
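
Added example (not part of the thread and not code from any tool named in it): the quoted article's point that a sniffer sees plaintext passwords, turned into an audit of a network you are authorized to monitor. It reports which services still accept cleartext logins and never records the secret. The sample records, hosts and credentials are constructed, and one payload line per record is an assumption (real captures need TCP stream reassembly first).

```python
import base64
import re

# Constructed sample: (server_ip, server_port, client-to-server payload line).
# Not captured traffic; every host and credential here is made up.
SAMPLE = [
    ("10.0.0.5", 21, b"USER alice\r\n"),
    ("10.0.0.5", 21, b"PASS hunter2\r\n"),
    ("10.0.0.9", 110, b"USER bob\r\n"),
    ("10.0.0.9", 110, b"PASS s3cret\r\n"),
    ("10.0.0.7", 80, b"Authorization: Basic " + base64.b64encode(b"carol:pw") + b"\r\n"),
    ("10.0.0.7", 80, b"GET /index.html HTTP/1.0\r\n"),
    ("10.0.0.8", 22, b"SSH-2.0-OpenSSH_3.6\r\n"),
]

# Signatures of logins that cross the wire unencrypted.
PATTERNS = [
    # FTP and POP3 both send the password as a literal "PASS <secret>" line.
    ("cleartext PASS command", re.compile(rb"^PASS\s+\S+", re.IGNORECASE)),
    # HTTP Basic is only base64-encoded, which is not encryption.
    ("HTTP Basic auth",
     re.compile(rb"^Authorization:\s*Basic\s+[A-Za-z0-9+/=]+", re.IGNORECASE)),
]


def audit(records):
    """Return sorted (ip, port, finding) tuples for services that accepted
    a cleartext login. The matched secret is deliberately never kept."""
    findings = set()
    for ip, port, payload in records:
        for label, rx in PATTERNS:
            if rx.search(payload):
                findings.add((ip, port, label))
    return sorted(findings)


if __name__ == "__main__":
    for ip, port, label in audit(SAMPLE):
        print(f"{ip}:{port}  {label}  -> move this service to an encrypted protocol")
```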



All times are GMT + 2 Hours