RU.LINUX
---------------------------------------------------------------------
From    : nikita kozlovsky 2:5030/1048.9   04 Dec 2001 00:07:40
To      : Michael Sereda
Subject : Re: Recommend a sniffer
--------------------------------------------------------------------------------

MS> Recommend an X11 sniffer with the ability to filter packets during
MS> capture. Ideally something resembling the Windows SnifferPro.

There is a non-X one, but a very good one: ettercap. It does not ask for any libraries, well, except openssl and ncurses, and even those are optional. From the man page:

It has five sniffing methods:

+ IPBASED, the packets are filtered matching IP:PORT source and IP:PORT dest
+ MACBASED, packets filtered matching the source and dest MAC address. (useful to sniff connections through gateway)
+ ARPBASED, uses arp poisoning to sniff in switched LAN between two hosts (full-duplex m-i-t-m).
+ SMARTARP, uses arp poisoning to sniff in switched LAN from a victim host to all other hosts knowing the entire list of the hosts (full-duplex m-i-t-m).
+ PUBLICARP, uses arp poison to sniff in switched LAN from a victim host to all other hosts (half-duplex). With this method the ARP replies are sent in broadcast, but if ettercap has the complete host list (on start up it has scanned the LAN) SMARTARP method is automatically selected, and the arp replies are sent to all the hosts but the victim, avoiding conflicting MAC addresses as reported by win2K.

The most relevant ettercap features are:

Characters injection in an established connection: you can inject characters to the server (emulating commands) or to the client (emulating replies) while keeping the connection alive!!

SSH1 support: you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the first software capable of sniffing an SSH connection in FULL-DUPLEX.

HTTPS support: you can sniff http SSL secured data... and even if the connection is made through a PROXY.

Plug-ins support: You can create your own plugin using ettercap's API.

Password collector for: TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC (other protocols coming soon...)

Packet filtering/dropping: You can set up a filter chain that searches for a particular string (even hex) in the TCP or UDP payload and replaces it with yours or drops the entire packet.

OS fingerprint: you can fingerprint the OS of the victim host and even its network adapter (it uses the nmap (c) Fyodor database).

Kill a connection: from the connections list you can kill all the connections you want.

Packet factory: You can create and send packets forged on the fly. The factory lets you forge from the Ethernet header to the application level.

Go to: http://etter-cap.sourceforge.net

Yes, it is a good piece of software.

--
np: mpg123 not loaded
nmk, 2:5030/1048.9, nmk<at>lk9877.spb.NOSPAMedu
--- tin/1.5.8, sum. uptime: 12 days 20 hours 18 minutes
* Origin: free software (2:5030/1048.9)
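Editor's added example, not part of the original post and not ettercap's code: the two things the post describes, an IPBASED-style capture filter that matches IP:PORT source and destination, and the ARP-poisoning trick behind the ARPBASED/SMARTARP/PUBLICARP modes, shown from the defender's side as a detector that flags an ARP reply rebinding an IP address to a new MAC. All frames, addresses and payloads are constructed by hand inline (no capture device is opened), so it runs offline.

```python
"""Editor's example (not from the original post, not ettercap's code).
Parses hand-built Ethernet/ARP and Ethernet/IPv4/TCP frames, applies an
IPBASED-style IP:PORT filter, and flags ARP replies that change the MAC
already recorded for an IP, which is what an ARP-poisoning MITM looks like
on the wire. Addresses and payloads below are constructed for the demo."""
import struct

ETH_ARP, ETH_IP = 0x0806, 0x0800


def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet + ARP reply (htype=1, ptype=IPv4, hlen=6, plen=4, op=2)."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_ARP)
    arp = (struct.pack("!HHBBH", 1, ETH_IP, 6, 4, 2)
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp


def build_tcp(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Ethernet + minimal IPv4 + TCP (PSH/ACK) frame; checksums left zero."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_IP)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                      ip_bytes(src_ip), ip_bytes(dst_ip))
    return eth + iph + tcp


def parse(frame):
    """Decode one frame into a dict; returns None for anything unsupported."""
    etype = struct.unpack("!H", frame[12:14])[0]
    body = frame[14:]
    if etype == ETH_ARP:
        op = struct.unpack("!H", body[6:8])[0]
        return {"type": "arp", "op": op,
                "sha": mac_str(body[8:14]), "spa": ip_str(body[14:18]),
                "tha": mac_str(body[18:24]), "tpa": ip_str(body[24:28])}
    if etype == ETH_IP and body[9] == 6:           # IPv4 carrying TCP
        ihl = (body[0] & 0x0F) * 4
        sport, dport = struct.unpack("!HH", body[ihl:ihl + 4])
        doff = (body[ihl + 12] >> 4) * 4
        return {"type": "tcp",
                "src": (ip_str(body[12:16]), sport),
                "dst": (ip_str(body[16:20]), dport),
                "payload": body[ihl + doff:]}
    return None


def ipbased_filter(frames, src, dst):
    """IPBASED-style filter: keep TCP frames whose (ip, port) source and
    destination both match; a port of None matches any port."""
    def match(want, have):
        return want[0] == have[0] and (want[1] is None or want[1] == have[1])
    out = []
    for f in frames:
        p = parse(f)
        if p and p["type"] == "tcp" and match(src, p["src"]) and match(dst, p["dst"]):
            out.append(p)
    return out


class ArpWatch:
    """Remembers IP -> MAC from ARP replies and reports when a binding changes."""
    def __init__(self):
        self.table = {}

    def observe(self, pkt):
        if pkt is None or pkt["type"] != "arp" or pkt["op"] != 2:
            return None
        old = self.table.get(pkt["spa"])
        self.table[pkt["spa"]] = pkt["sha"]
        if old is not None and old != pkt["sha"]:
            return f"{pkt['spa']} changed from {old} to {pkt['sha']}"
        return None


# Constructed traffic: real gateway reply, a telnet login, a poisoned reply
# from a third MAC claiming the gateway's IP, then traffic via the attacker.
FRAMES = [
    build_arp_reply("aa:aa:aa:aa:aa:01", "10.0.0.1", "bb:bb:bb:bb:bb:05", "10.0.0.5"),
    build_tcp("bb:bb:bb:bb:bb:05", "aa:aa:aa:aa:aa:01", "10.0.0.5", "10.0.0.8",
              40000, 23, b"USER nmk\r\n"),
    build_arp_reply("cc:cc:cc:cc:cc:99", "10.0.0.1", "bb:bb:bb:bb:bb:05", "10.0.0.5"),
    build_tcp("bb:bb:bb:bb:bb:05", "cc:cc:cc:cc:cc:99", "10.0.0.5", "10.0.0.9",
              40001, 80, b"GET / HTTP/1.0\r\n"),
]


def run_demo(frames=FRAMES):
    """Filter 10.0.0.5:* -> 10.0.0.8:23 and run the ARP watcher over all frames."""
    matched = ipbased_filter(frames, ("10.0.0.5", None), ("10.0.0.8", 23))
    watch = ArpWatch()
    alerts = [a for a in (watch.observe(parse(f)) for f in frames) if a]
    return matched, alerts


if __name__ == "__main__":
    hits, alerts = run_demo()
    for p in hits:
        print("match", p["src"], "->", p["dst"], p["payload"])
    for a in alerts:
        print("ARP alert:", a)
```

The filter is the same idea as the IPBASED mode in the quote: it never looks at MAC addresses, so it will happily select the telnet session even after the gateway binding has been hijacked. The watcher is the complementary check a sysadmin would run on the switched segment: once a host's MAC for 10.0.0.1 flips to a third address, the half-duplex or full-duplex ARP MITM described above is in progress.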