Howdy, dsniff works fine on our LAN, but I thought I'd be able to sniff remote IPs with it, specifically our remote server. However it appears that dsniff can only catch logins that are already headed through eth0 (or some local interface). Is this correct? The man page that comes with it isn't terribly detailed. Is there some trick to get the remote IP's packets coming through my eth0 in order to sniff them? The reason I care is, it looks like you can only use it on the machine it's installed on. If that's the case, the only thing we'd have to worry about is our few employees using it, hehe, which isn't really a problem since they all already have root access :-) It would also make it look like there really isn't a danger of crackers sniffing our telnet logins, which isn't really my goal here - I wanted to prove how necessary it is to switch over to ssh. I think this would instead prove that whoever would have top already be inside our box. So I guess my question is, is it really possible for crackers to sniff passwords on remote boxes? I was under the impression that it was possible, but maybe I'm wrong. JW At 04:28 PM 10/3/2000 -0400, you wrote:
libpcap is needed by any sniffer, AFAIK. what exactly do you want to sniff? just traffic? then tcpdump will do. if you want a powerfull tcpdump-type sniffer, get snort. if you want security-type sniffing, then get dsniff, which was designed specifically for sniffing passwords. of course, you can find all this software on freshmeat.
----- Original Message ----- From: Jonathan Wilson
To: Sent: Tuesday, October 03, 2000 4:14 PM Subject: [SLE] Packet sniffer Howdy,
I'm looking for a packet sniffer. I thought etheral looked nice but it wants libs I don't have, and since I'm probably only going to use this thing once or twice I really don't want to start off on a this-rpm-needs-that-rpm-that-needs-another-rpm............ you know what I mean :-).
error: failed build dependencies: libpcap >= 0.4 is needed by ethereal-0.8.9-1 ucd-snmp-devel is needed by ethereal-0.8.9-1 zlib-devel is needed by ethereal-0.8.9-1
What have any of the rest of you done? Should I just find and install those libs, will they mess anything up? Or is there a better sniffer that I should try to get? Is there anything that works on SuSE 6.4 "straight outta the box"?
JW
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq