Hello:

I found this on the OpenBSD list and thought some SuSE users may need a sniffer. I have not tried it so this is just an FYI.

Regards,
Bill Parker, <[EMAIL PROTECTED]>

--------------------------------------

But anyway..if you are interested in testing a new password sniffer on either Linux or OpenBSD (I'm looking for feedback) go to:

http://www.electricrian.com/~tyler/misc/

I basically grabbed all the sniffers I could find and took the best parts of each and made a super sniffer. I'm attaching the top comment section of the program below..since I'm not much of a C programmer any comments/criticism/flames/improvement ideas/etc will be happily accepted. (might want to send them directly instead of the list)

-Tyler

/***************************************************************************
 *                                                                         *
 * Sniff All v2.0 for Linux/*BSD                                           *
 * Coded and glued together by Tyler Allison ([EMAIL PROTECTED])           *
 * This program sniffs packets for FTP, telnet, POP3, POP2, IMAP2, rlogin in
 * the standard fashion, dumping info to a log file. It also has the ability
 * to sniff HTTP traffic and decode Basic Authentication username and password
 * pairs. It uses a linked-list (probably should use a hash instead) to keep
 * track of all traffic it sees. This improves the "sniffing" ability of the
 * sniffer so it doesn't get locked into one connection, and misses some
 * other traffic.
 *
 * Supports libpcap (*BSD and Linux) or raw interface sniffing (Linux only).
 * Tested on the following platforms:
 *   OpenBSD 2.4
 *   Linux 2.2.X /w LSF libpcap
 *   Linux 2.2.X
 *
 * This program is for non-criminal use ONLY and should not be used unless you
 * have the authorization to do so. Don't blame me if you get busted!
 *
 *
 * This uses code or ideas from the following sniffers:
 *   linsniff .03.9beta by Mike Edulla ([EMAIL PROTECTED])
 *   websniff 1.0 by BeastMaster V http://www.rootshell.com
 *   linsniff .666 by humble of rhino9
 *   pcs by halflife
 *
 * - Interface initialization code taken from Touch of Death (TOD V.1) by
 *   Brecht Claerhout
 * - Argv hiding taken from nmap v2.03 by
 *   Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap)
 *
 * Compile:
 *   gcc -o sniffall sniffall.c                    <-- no DNS resolution
 *   gcc -o sniffall -DHOST_LOOKUP sniffall.c      <-- yes DNS resolution
 *   gcc -o sniffall -D__PCAP__ sniffall.c -lpcap  <-- libpcap support for *BSD
 *   gcc -o sniffall -D__LINUX__ sniffall.c        <-- no libpcap for linux
 *   (obviously you can mix and match the defines as needed)
 *
 * NOTE: Errors when compiling about ntohl/htonl conflicting types are due to
 *       problems in the header files in linux. Find the conflicts and fix them.
 *
 * Changelog:
 *   diff between v2 and v1:
 *   - added libpcap support
 *   - ported to OpenBSD
 *   - added -i option to override INTERFACE
 *   - added argv hiding (This does not work on OpenBSD..well it does work
 *                        but it won't do you any good..being that it's
 *                        a secure OS the original argv is displayed in
 *                        'ps' as well.)
 *
 * Todo list:
 *   - add FDDI support
 *   - use hash instead of linked list
 *
 ****************************************************************************/

,---------------------------------------------------------------------,
| Tyler Allison, CISSP    |M/S 233-7 (650)604-3602|MIB- Protecting the|
|System Security Analyst  |Ames Research Center   |earth from the scum|
|[EMAIL PROTECTED]        |Moffett Field, CA 94035|of the universe.   |
| PGP Fingerprint: FB 4C 6E 4B 13 12 B1 17 68 7A A0 8C 43 30 00 01    |
`---------------------------------------------------------------------'
