  Sniffer install applications in Linux supplement
     
  Add Date : 2017-04-13      
         
       
         
  Installing sniffit on Linux is very simple:
1, use tar zvfx sniffit.*.*.*.tgz to unpack the downloaded sniffit.*.*.*.tgz into the destination folder you want; if the version is 0.3.7, you'll see a sniffit.0.3.7 directory appear in that directory.
2, cd sniffit.0.3.7
3, ./configure && make; as long as no unexpected error message appears on the terminal during this process, the compile has succeeded and you get a sniffit binary.
4, make clean to sweep away the unused garbage ......

Instructions
1, parameters
The program has the following command options:
-v display version information
-t have the program monitor the IP packets flowing to a certain IP
-s have the program monitor the IP packets flowing out from a certain IP; you can use the @ wildcard, such as -t 199.145.@
-i show the windowed interface, in which you can see the current connections on your network
-I extended interactive mode; all other options are ignored; much more powerful than -i ......
-c run the program from a script
-F force the program to use a given network device
-n show bogus data packets. Packets such as ARP, RARP, or other IP data packets will not be displayed
-N run only the plugin, so that the other options have no effect
Parameters that do not work in -i mode:
-b do the work of -s and -t at the same time ......
-d display the monitored content on the current terminal, in hexadecimal
-a display the monitored content on the current terminal, in ASCII characters
-x print extended TCP packet information (SEQ, ACK, Flags); works together with '-a', '-d', '-s', '-t', '-b'. Watch out: it is written to standard output, and if only -t, -s, -b are given with no other arguments, it will not be written to the file.
-R record all traffic in a file
-r feed a recorded file to sniffit; it requires the device to be specified with the -F parameter. Assuming you used 'eth0' (the first NIC) to record the file, you must add '-Feth0' or '-Feth' to the command line
-A replace unrecognized characters with the specified character while listening
-P define the protocol; the default is TCP, and you can also choose IP, ICMP, UDP ......
-p define the listening port, the default is all
-l set the packet size, default is 300 bytes.
-M activate a plug-in
Parameters for -I, -i mode:
-D All records will be sent to this disk.
Parameters for -c mode:
-L logparam
logparam may be made up of the following:
raw: Mild
norm: General
telnet: record passwords (port 23)
ftp: record passwords (port 21)
mail: record the contents of letters (port 25)
For example, "ftpmailnorm" is a valid logparam

2, graphical simulation interface
This is the -i option mentioned above. Entering sniffit -i brings up a windowed environment, in which you can see which machines on your network are connected and on what port numbers. The available commands are as follows:
q exit the windowed environment; the program ends
r refresh the screen and redisplay the connected machines
n open a small window showing traffic for TCP, IP, ICMP, UDP and other protocols
g generate data packets; under normal circumstances only UDP packets are produced. Executing this command requires answering some questions about the packet
F1 change the source IP address, the default is all
F2 change the destination IP address, the default is all
F3 change the source port number, the default is all
F4 change the destination port number, the default is all

Some examples

Suppose you have the following setup: there are two hosts in a subnet, one running the sniffer, which we call sniffit.com, and another at 66.66.66.7, which we call target.com.
<1> You want to check whether the sniffer works:
sniffit:~/# sniffit -d -p 7 -t 66.66.66.7
and in another window:
sniffit:~/$ telnet target.com 7
You should see the sniffer capture the packets of your telnet to the echo service on port 7.
<2> You want to intercept users' passwords on target.com
sniffit:~/# sniffit -p 23 -t 66.66.66.7
<3> The root of the target.com host reports strange FTP connections and would like to find out the keystrokes
sniffit:~/# sniffit -p 21 -l 0 -t 66.66.66.7
<4> You want to read all incoming and outgoing letters on target.com
sniffit:~/# sniffit -p 25 -l 0 -b -t 66.66.66.7 &
or
sniffit:~/# sniffit -p 25 -l 0 -b -s 66.66.66.7 &
<5> You want to use the user interface
sniffit:~/# sniffit -i
<6> An error has occurred and you want to intercept the control messages
sniffit:~/# sniffit -P icmp -b -s 66.66.66.7
<7> Go wild on scrolling the screen.
sniffit:~/# sniffit -P ip -P icmp -P tcp -p 0 -b -a -d -x -s 66.66.66.7
This has the same effect as
sniffit:~/# sniffit -P ipicmptcp -p 0 -b -a -d -x -s 66.66.66.7
<8> You can record passwords in the following ways so that they can be read with 'more 66*'
sniffit:~/# sniffit -p 23 -A . -t 66.66.66.7
or
sniffit:~/# sniffit -p 23 -A ^ -t dummy.net

Advanced Applications

1, script execution
This goes with the -c option and is very simple to use. For example, edit a file called sh:
select from host 180.180.180.1
select to host 180.180.180.10
select both port 21
Then execute: sniffit -c sh
Description: monitor data packets sent from 180.180.180.1 to 180.180.180.10, on the FTP port. No further help is given here; you can look inside the README yourself.
2, plug-in
Adding a plug-in is very simple: put it under the sniffit directory, and edit the sn_plugin.h file as follows:
#define PLUGIN1_NAME "Myplugin"
#define PLUGIN1(x) main_plugin_function(x)
#include "my_plugin.plug"
Note:
a) Plugins can be numbered 0-9, so from PLUGIN0_NAME to PLUGIN1_NAME ......; the numbers do not have to be consecutive
d) #include "my_plugin.plug" This is where my plugin source code is placed. If you want to learn more, look inside plugin.howto.
3, introducing tod
This is the most famous sniffit plug-in. Why is it called TOD? It stands for touch of death. It can easily cut off a TCP connection; the principle is to send a host in a TCP connection an IP packet that disconnects it, with the RST bit of this IP packet set to 1, and that is all.
Copy the downloaded tod.tar.gz to the sniffit directory, extract it, and install it with ln -s tod sniffit_key5. The program is then bound to the F5 key: to cut off a machine, move the cursor in the window onto that machine and press F5, and it is disconnected. You can freely define it as another F key instead, but the F1 ~ F4 function keys do not work, as they have already been defined ......
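To make the SEQ, ACK and Flags fields printed by -x, and the RST bit that tod relies on, concrete from the monitoring side, here is an added example (not part of the original article and not sniffit code). It decodes IPv4/TCP headers and lists the packets that carry RST; the two sample packets are constructed for illustration and the function names are hypothetical.

```python
import socket
import struct

# Flag bits of the TCP header, lowest bit first.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# Constructed samples: IPv4 + TCP headers only, checksums left at zero,
# both from 180.180.180.1 port 21 to 180.180.180.10 port 1025.
IP_HDR = "450000280000400040060000b4b4b401b4b4b40a"
RST_SAMPLE = bytes.fromhex(IP_HDR + "0015040100000064000000005004000000000000")
DATA_SAMPLE = bytes.fromhex(IP_HDR + "0015040100000064000000c85018020000000000")

def decode_tcp(packet: bytes) -> dict:
    """Decode an IPv4 packet carrying TCP; raise ValueError for anything else."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if packet[0] >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 packet")
    if packet[9] != 6:                    # protocol field: 6 means TCP
        raise ValueError("not TCP")
    if len(packet) < ihl + 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack(
        "!HHIIH", packet[ihl:ihl + 14])
    bits = off_flags & 0x3F               # low six bits hold the flags
    return {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAGS if bits & bit],
    }

def reset_connections(packets):
    """Return (src, sport, dst, dport) for every packet that has RST set."""
    hits = []
    for raw in packets:
        try:
            p = decode_tcp(raw)
        except ValueError:
            continue                      # not IPv4/TCP or truncated: skip it
        if "RST" in p["flags"]:
            hits.append((p["src"], p["sport"], p["dst"], p["dport"]))
    return hits

if __name__ == "__main__":
    print(decode_tcp(RST_SAMPLE))
    print(reset_connections([DATA_SAMPLE, RST_SAMPLE, b"\x00"]))
```
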
     
         
       
         
     
           
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.