http://Linux-Sec.net Hardening-Tightening Security_Policy Hardening-HOWTO Linux Distros Distro Patches Kernel-Patches Dedicated Servers Firewalls DNS Servers Mail Servers Web Servers Turn-Off Daemons Tighten Inetd Services Top-10 Vulnerabilities Top-7 Security Mistakes Top-10 Vulnerabilities Top-20 Most Critical Vulnerability Top-10 Virus Scans/Attacks Stats Top-10 Attacks Hacked Servers One Minute Audits OpenPorts Audit AntiVirus - AntiSpam Anti-Spam Anti-Virus spam.wav Wireless [In]Security Sniffers Security Tools SSH_SSL Firewalls MailServer FileSystem VPN Port Scan Detectors IDS Tools LogFile Analysis Ethernet Monitoring Server Monitoring Tracking & Forensics Hackers Tools Audit Tools Port Scanners Hacking Tools DDOS Tools Sniffer Tools Spoof Tools Exploits & Vulnerbilities Wireless Wireless [In]Security Misc Statistics Linux/BSD Distros Links,Articles,WatchDogs Security Mailing Lists/FAQs Liability Insurance 1U Rackmount Chassis Custom-Chassis.com Linux-1U.net 1U-ITX.net ITX-Blades.net Small PC cases Mini-Box.net Wrap-Box.net Wrap-OS.net Wan-Sim.net Linux-Consulting.com Linux-CAE.net Linux-Sec.net Linux-Boot.net Linux-Backup.net Linux-Wireless.org Linux-Office.net Linux-Video.net Linux-VOIP.net Linux-Jobs.net Linux-Diff.net 1U-Raid5.net Linux-Howto.net Spam Reporting Free Linux CDs ISO9660.org Distro-CD.org Patch-CD.org Contact Linux is a registered trademark of Linus Torvalds More Linux Legalese

Sniffing Tools Why Hack and Crack when you can Sniff their login and passwd Sniffer Scripts Linux-Sec.net/Sniffer/Scripts Sniffer.pl scripts Sniffer/Howto Sniff Contents of the emails Sniff emails sent to 1.2.3.4 tcpdump -nnvvvS -s 0 -U -w sniff.smtp.pcap dst 1.2.3.4 and dst port 25 View the sniffed email data wireshark -r sniff.smtp.pcap click on your "sending email address" click on "message text" to view the email contents Sniff insecure POP email tcpdump -nnvvvS -s 0 -U -w sniff.smtp.pcap dst 1.2.3.4 and dst port 110 Sniff insecure imap email tcpdump -nnvvvS -s 0 -U -w sniff.smtp.pcap dst 1.2.3.4 and dst port 143 Sniffer/Howto Sniff web connections for login/passwd tcpdump -nnvvvS -s 0 -U -w sniff.web.pcap dst 1.2.3.4 and dst port 80 wireshark -r sniff.web.pcap Sniffer/Howto Sniff ftp/telnet connections for login/passwd tcpdump -nnvvvS -s 0 -U -w sniff.telnet.pcap dst 1.2.3.4 and dst port 21 wireshark -r sniff.telnet.pcap Sniffing email, webmail and html pages Any unauthorized user with a Sniffer can trivially read all your critical information, such as: all your un-encrypted emails to and from your customers, friends and family all your un-encrypted emails using web-based emails all of your login and password used on your un-encrypted html-based forms such as shopping carts, domain name registrations, any other website, etc Encrypted-Email.net Email and html Sniffing Demo Sniffer FAQs RobertGraham.com Sniffing FAQ ( original, circa 2000 ) Newdata.box.sk Sniffing FAQ SecInf.net Sniffer FAQ FlowCalcs.com Sniffer FAQ IronGeek.com ISS.net Sniffer FAQ ( original, circa 1996 ) -- nowhere to be found MoreHouse.org Sniffer FAQ ( v3 ) FAQs.org Sniffer FAQ ( v3 ) Cotse.com ( ISS ) Sniffer Security FAQ Most all of the protocols are susceptible to sniffing ( its passwd is clear text ) telnet, ftp, httpd, pop3, imap, snmp, nntp Using Secure pop3 and Secure IMAP will (?) minimize the odds that the sniffer sees your login and passwd will NOT prevent the the sniffer from reading your email in clear text when it travels around the world and comes into or leaves your mail server More importantly, ALL unencrypted data is sniffable ( human readable ) send and receive only encrypted data for a trivial solution against sniffing Using easy to guess login and passwd mitgates any encryption it takes a few seconds or minutes to guess your passwd in the "100,000 word dictionary" How do you know if someone is sniffing all your data it is nearly impossible to detect the existance of a sniffer until after its too late A firewall will NOT prevent sniffing a firewall will not help because all user data has to go to the internet they can sniff your outgoing emails they can sniff your incoming emails they can sniff your webpages you browse they can sniff your web pages you provide They can sniff ALL of your data, login, passwd and all emails they can sniff ALL your data from all the routers you passed thru they can sniff ALL your data from your ISP they can sniff ALL your data from your colo they can sniff ALL your data from your local network they can sniff ALL your data from your wireless network they can sniff ALL your data from your vpn connections at home they can sniff ALL your data from the airport, coffee shops, etc they can sniff ALL your data from outside your office or home Sniffer Detectors Linux-Sec.net/Sniffer.Detectors Wireless Sniffers Linux-Wireless.org/Sniffers Sniffing Across Switches Mac Address Spoofing IronGeek.com ( local copy ) monkey.org macof can overflow a switch and force it into dumb hub mode ARP Poisoning IronGeek.com Basics of ArpSpoofing and ArpPoisoning IronGeek.com video PacketStormSecurity.com sid.rstack.org ( local copy ) sid.rstack.org article sid.rstack.org ( local copy ) sid.rstack.org ( local copy ) habets.pp.se arping arpPoison fefe.de arpRelay arpRedirect hotlink.com.br arptool arpWrap monkey.org dsniff EtterCap.SourceForge.net man-in-the-middle-attack 0x50Sec.org arp-sniffer.c hunt List of Network Sniffers Wikipedia.org Packet Analyzer Washington.edu Sniffers and You Fefe.de Switching and VLAN Security FAQ neworder.box.sk Noah.org packet sniffing w/ commandline example AstaLaVista.com Top 10 Sniffers CA.com COTSE.com Sniffers DSINet.org huge list l0t3k.org Sniffing Tools Sans.org Penetration Testing w/ dsniff SecTools.org Top 11 packet sniffers SecurityFocus huge list under Tools->Sniffers Kitetoa.com Wikipedia.org Comparison of Packete Analyzers CDit.edu.cn huge list PacketStormSecurity.org huge list of sniffers BlackSheepNetworks.com network scanners AstalaVista.com Vilecha.com ettercap in spanish FreeFire.org tools Uni-Rostock.de tcp tools TopBits.com Common Network Sniffers Linux.org Aldebaran Naughty.Monkey.org DSniff, mailsnarf, urlsnarf DataNerds.net dsniff for windoze EtherReal.com tethereal both obsolete -- use wireshark instead EtherReal.Zing.org obsoleted, it is now wireshark.org EtherApe.sourceforge.net packet sniffer, bw monitor Ettercap.com ettercap-NG SourceForge.net IPGrab LaurentConstantin.com Netwib, Netwox, Netwag NFR.com Network Flight Recorder cerias.purdue.edu nfswatch for sniffing NFS packets morphine.com passlogd Phencelit.de phoss - sniff HTTP, FTP, LDAP, Telnet, IMAP4, POP3, VPN logins phenoelit-us.org phoss Starzetz.de smit Sniffit.sourceforge.net Snoop for solaris snort.org tcpdump.org Wireshark.org tshark cshl.org web sniffer Bandwidth Monitor ex-parrot.com iftop Howto Write a Sniffer BinaryTides.com sniffer.c ( local copy ) beej.us server.c and client.c tenouk.com wikipedia.org bsd sockets: server.c and client.c Commercial Windoze Sniffers DataNerds.net dsniff for windoze EffeTech.com ip sniffer, http sniffer, packet sniffer, password sniffer ip-sniffer.com aka effetech EtherDetect.com aka effetech NetworkAssociates.com Sniffer Pro Oxid.it oxid.it Cain and Abel Nirsoft.net SniffPass Patriot.net tcpdump.org Champlain.edu tcpdump for windows capsa Devolutions.net TCPspy Keyboard Sniffers - Loggers if they installed a keyboard logger, you're dead ... gameover .. encryption will NOT help either since they can see your passphrase if they installed the keyboardlogger remotely, you have other very serious securityproblems if they have physical access, game over... just pull the plug and walk out with the PC or laptop with important data on it thc.org vLogger ( keyboard logger/sniffer ) teso.scen.at iob - kb sniffer citefa.gov.ar tecleo PacketStormSecurity.org keylogger honeynet.org sebek SourceForge.net lkl VNC

Copyright © 2000	Linux-Consulting	All Rights Reserved.	Updated: Wed Aug 4 13:50:59 2010 PDT