Installing Sniffit on Linux is very simple:
1. Use tar zvfx sniffit.*.*.*.tgz to unpack the downloaded sniffit.*.*.*.tgz archive into the folder of your choice; if the version is 0.3.7, a sniffit.0.3.7 directory will appear there.
2. cd sniffit.0.3.7
3. ./configure && make. As long as no unexpected error messages appear on the terminal during this process, the compilation has succeeded and you have a sniffit binary.
4. make clean removes the leftover build files that are no longer needed.
The program has the following command options:
-v Display version information
-t Make the program monitor packets flowing to a given IP address
-s Make the program monitor packets flowing from a given IP address; the @ wildcard can be used, for example -t199.145.@
-i Show the window interface, in which you can see the current connections between your machine and your network
-I Extended interactive mode; all other options are ignored. Much more powerful than -i.
-c Run the program from a script
-F Force the program to use the given network device
-n Show fake packets, i.e. non-IP packets such as ARP and RARP, which are otherwise not displayed
-N Run only the plugins, so that the other options have no effect
Parameters that do not work in -i mode:
-b Do the work of -s and -t at the same time
-d Display the captured content on the current terminal in hexadecimal
-a Display the captured content on the current terminal as ASCII characters
-x Print extended TCP packet information (SEQ, ACK, Flags); works together with -a, -d, -s, -t and -b. Watch out: this goes to standard output, so with only -t, -s or -b and no other arguments nothing is written to the file.
-R Record all traffic to a file
-r Read a log file written by sniffit. This requires the -F parameter to specify the device: assuming you used eth0 (the first NIC) when recording the file, you must add -Feth0 to the command line.
-A Replace unknown (unprintable) characters with the specified character
-P Define the protocol to listen for; the default is TCP, but IP, ICMP and UDP can also be chosen
-p Define the port to listen on; the default is all ports
-l Set the packet size; the default is 300 bytes.
-M Activate plug-ins
Parameters for the -I and -i modes:
-D Send all output to the given device.
Parameters for the -c mode
The logparam can be made up of the following items:
telnet: record passwords (port 23)
ftp: record passwords (port 21)
mail: record the contents of mail (port 25)
For example, "ftpmailnorm" is a valid logparam
2. Graphical simulation interface
The -i option was mentioned above. Entering sniffit -i gives you a windowed environment in which you can see which machines on your network are connected to which port numbers. The available commands are as follows:
q Exit the window environment; the program ends
r Refresh the screen so the connected machines are displayed again
n Open a small window showing traffic statistics for TCP, IP, ICMP, UDP and other protocols
g Generate packets; under normal circumstances only UDP packets are produced. Running this command asks you some questions about the packet
F1 Change the source IP address domain; the default is all
F2 Change the destination IP address domain; the default is all
F3 Change the source port number of the machine; the default is all
F4 Change the destination port number of the machine; the default is all
Suppose you have the following setup: there are two hosts in one subnet, one running the sniffer, which we will call sniffit.com, and another, 18.104.22.168, which we will call target.com.
<1> You want to check whether the sniffer works: sniffit:~/# sniffit -d -p7 -t22.214.171.124 and, in another window:
sniffit:~/$ telnet target.com 7
You will see the sniffer capture the echo packets of your telnet connection to port 7 on the other host.
<2> You want to intercept user passwords on target.com
sniffit:~/# sniffit -p23 -t126.96.36.199
<3> The root of the target.com host reports a strange FTP connection and wants to find out what keystrokes were sent
sniffit:~/# sniffit -p21 -l0 -t188.8.131.52
<4> You want to read all mail going in and out of target.com
sniffit:~/# sniffit -p25 -l0 -b -t184.108.40.206 & or sniffit:~/# sniffit -p25 -l0 -b -s220.127.116.11 &
<5> You want to use the user interface
sniffit:~/# sniffit -i
<6> An error has occurred and you want to capture the control (ICMP) information
sniffit:~/# sniffit -Picmp -b -s18.104.22.168
<7> Go wild on scrolling the screen.
sniffit:~/# sniffit -Pip -Picmp -Ptcp -p0 -b -a -d -x -s22.214.171.124
The effect is comparable to sniffit:~/# sniffit -Pipicmptcp -p0 -b -a -d -x -s126.96.36.199
<8> You can use 'more 66*' to read the passwords recorded in the following ways
sniffit:~/# sniffit -p23 -A. -t188.8.131.52 or sniffit:~/# sniffit -p23 -A^ -tdummy.net
1. Script execution
This goes with the -c option, and using it is very simple. For example, edit a file called sh
Then execute: sniffit -csh
Description: monitor packets sent from 184.108.40.206 to 220.127.116.11 on the FTP port. No more help here; you can read the README yourself.
Getting a plug-in working is very simple: put it in the sniffit directory and edit the sn_plugin.h file as follows:
#define PLUGIN1_NAME "Myplugin"                 /* name of plugin slot 1 */
#define PLUGIN1(x) main_plugin_function(x)      /* entry point called for slot 1 */
#include "my_plugin.plug"                       /* the plugin source itself */
a) You can define plugins numbered 0 to 9, i.e. PLUGIN0_NAME, PLUGIN1_NAME, ...; they do not have to be consecutive
d) #include "my_plugin.plug" is where my plugin source code is placed. If you want to learn more about it, look inside plugin.howto.
3. Introducing tod
This is the most famous sniffit plug-in. Why is it called TOD? Touch of death: it can easily cut off a TCP connection. The principle is to send one of the hosts in a TCP connection an IP packet whose TCP RST bit is set to 1, which makes that host drop the connection.
After downloading tod.tar.gz, copy it into the sniffit directory, extract it and install it with ln -s tod sniffit_key5. With this program the F5 key cuts off a connection: as long as the cursor in the window points at the machine you want to disconnect, pressing F5 disconnects it. You can freely define the other F keys yourself; F1 to F4 cannot be used for this, since they are already defined.
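The TOD mechanism described above, a forged segment with the RST bit set injected into someone else's TCP connection, can be recognised on the defending side. The following Python detector is an added example, not part of this page or of sniffit/tod: it assumes packets have already been decoded into dicts (the hosts 10.0.0.5 and 10.0.0.9 and the telnet session are constructed sample data) and flags RSTs whose IP TTL or sequence number disagrees with what that sender used earlier in the same flow.

```python
# Added example (not part of the page or of sniffit/tod): detect forged TCP RST
# segments of the kind TOD injects. A forged RST usually does not match the IP
# TTL or the sequence number the real endpoint has been using, so we keep
# per-direction flow state and flag RSTs that disagree with it. Assumption:
# packets are plain dicts decoded from a capture; sample hosts/ports are made up.
# The exact-seq check is a simplification of the in-window test of RFC 5961.

def _next_seq(pkt):
    """Sequence number this sender should use next (SYN/FIN consume one)."""
    return pkt["seq"] + pkt["len"] + (1 if pkt["flags"] & {"SYN", "FIN"} else 0)

def find_suspicious_rsts(packets):
    """Return [(index, reason)] for RST segments that contradict the flow state."""
    state = {}  # (src, sport, dst, dport) -> {"ttl": int, "next_seq": int}
    findings = []
    for i, pkt in enumerate(packets):
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if "RST" in pkt["flags"]:
            seen = state.get(key)
            if seen is None:
                continue  # RST for a flow we never observed: not judged here
            reasons = []
            if pkt["ttl"] != seen["ttl"]:
                reasons.append(f"ttl {pkt['ttl']} != {seen['ttl']} seen for this sender")
            if pkt["seq"] != seen["next_seq"]:
                reasons.append(f"seq {pkt['seq']} != expected {seen['next_seq']}")
            if reasons:
                findings.append((i, "; ".join(reasons)))
        else:
            # Only genuine (non-RST) traffic updates what we expect from this sender.
            state[key] = {"ttl": pkt["ttl"], "next_seq": _next_seq(pkt)}
    return findings

def _p(src, sport, dst, dport, flags, seq, ttl, length=0):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": set(flags), "seq": seq, "ttl": ttl, "len": length}

# Constructed telnet session (port 23) between two sample hosts, plus two forged RSTs.
SAMPLE_PACKETS = [
    _p("10.0.0.5", 40000, "10.0.0.9", 23, ["SYN"], 1000, 64),
    _p("10.0.0.9", 23, "10.0.0.5", 40000, ["SYN", "ACK"], 5000, 128),
    _p("10.0.0.5", 40000, "10.0.0.9", 23, ["ACK"], 1001, 64),
    _p("10.0.0.5", 40000, "10.0.0.9", 23, ["PSH", "ACK"], 1001, 64, 5),
    _p("10.0.0.5", 40000, "10.0.0.9", 23, ["RST"], 1006, 59),   # forged: TTL differs
    _p("10.0.0.9", 23, "10.0.0.5", 40000, ["ACK"], 5001, 128),
    _p("10.0.0.9", 23, "10.0.0.5", 40000, ["RST"], 9999, 128),  # forged: wrong seq
    _p("10.0.0.5", 40000, "10.0.0.9", 23, ["RST"], 1006, 64),   # genuine reset
]
```

Calling find_suspicious_rsts(SAMPLE_PACKETS) reports the two forged resets and stays silent on the genuine one; a real deployment would feed it per-flow records from a capture and alert on any finding.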