[SLE] Packet sniffer

newer
[SLE] Monitoring tools (SNMP, etc)

wilson＠claborn.net

3 Oct 2000 3 Oct '00

20:14

Howdy, I'm looking for a packet sniffer. I thought etheral looked nice but it wants libs I don't have, and since I'm probably only going to use this thing once or twice I really don't want to start off on a this-rpm-needs-that-rpm-that-needs-another-rpm............ you know what I mean :-). error: failed build dependencies: libpcap >= 0.4 is needed by ethereal-0.8.9-1 ucd-snmp-devel is needed by ethereal-0.8.9-1 zlib-devel is needed by ethereal-0.8.9-1 What have any of the rest of you done? Should I just find and install those libs, will they mess anything up? Or is there a better sniffer that I should try to get? Is there anything that works on SuSE 6.4 "straight outta the box"? JW -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

Show replies by date

datatwirl＠gis.net

3 Oct 3 Oct

20:28

...

Howdy,

I'm looking for a packet sniffer. I thought etheral looked nice but it wants libs I don't have, and since I'm probably only going to use this thing once or twice I really don't want to start off on a

libpcap is needed by any sniffer, AFAIK. what exactly do you want to sniff? just traffic? then tcpdump will do. if you want a powerfull tcpdump-type sniffer, get snort. if you want security-type sniffing, then get dsniff, which was designed specifically for sniffing passwords. of course, you can find all this software on freshmeat. ----- Original Message ----- From: Jonathan Wilson To: Sent: Tuesday, October 03, 2000 4:14 PM Subject: [SLE] Packet sniffer this-rpm-needs-that-rpm-that-needs-another-rpm............ you know what I mean :-).

...

error: failed build dependencies: libpcap >= 0.4 is needed by ethereal-0.8.9-1 ucd-snmp-devel is needed by ethereal-0.8.9-1 zlib-devel is needed by ethereal-0.8.9-1

What have any of the rest of you done? Should I just find and install

those libs, will they mess anything up? Or is there a better sniffer that I should try to get? Is there anything that works on SuSE 6.4 "straight outta the box"?

...

JW

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

wilson＠claborn.net

21:04

I may get dsniff, sounds about like what I want. For the curious: I'm the Linux Sys Admin here, mostly because I happen to know the most about Linux. My boss doesn't think that I need to spend as much time on security as I think I do. We've had 2 very obvious script-kiddie attempts in our logs files in only 1 month. I'm trying to prove to my boss that we MUST use ssh, not telnet (we're using telnet all day long, and I had trouble installing ssh, so I'm going to have to spend a bit of time on it.) I thought the best demonstration possible would be to have him watch me sniff a password in real time, then say "Anyone with this same app which I got from such-and-such URL can do exactly the same thing......" Ethereal is working, but I don't see how to sniff anything except this workstation's own eth0 (haven't read the docs yet though). I think I'll try dsniff. JW At 04:28 PM 10/3/2000 -0400, you wrote:

...

libpcap is needed by any sniffer, AFAIK. what exactly do you want to sniff? just traffic? then tcpdump will do. if you want a powerfull tcpdump-type sniffer, get snort. if you want security-type sniffing, then get dsniff, which was designed specifically for sniffing passwords. of course, you can find all this software on freshmeat.

----- Original Message ----- From: Jonathan Wilson To: Sent: Tuesday, October 03, 2000 4:14 PM Subject: [SLE] Packet sniffer

...
Howdy,

I'm looking for a packet sniffer. I thought etheral looked nice but it wants libs I don't have, and since I'm probably only going to use this thing once or twice I really don't want to start off on a this-rpm-needs-that-rpm-that-needs-another-rpm............ you know what I mean :-).

error: failed build dependencies: libpcap >= 0.4 is needed by ethereal-0.8.9-1 ucd-snmp-devel is needed by ethereal-0.8.9-1 zlib-devel is needed by ethereal-0.8.9-1

What have any of the rest of you done? Should I just find and install those libs, will they mess anything up? Or is there a better sniffer that I should try to get? Is there anything that works on SuSE 6.4 "straight outta the box"?

JW

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

wilson＠claborn.net

4 Oct 4 Oct

15:49

Howdy, dsniff works fine on our LAN, but I thought I'd be able to sniff remote IPs with it, specifically our remote server. However it appears that dsniff can only catch logins that are already headed through eth0 (or some local interface). Is this correct? The man page that comes with it isn't terribly detailed. Is there some trick to get the remote IP's packets coming through my eth0 in order to sniff them? The reason I care is, it looks like you can only use it on the machine it's installed on. If that's the case, the only thing we'd have to worry about is our few employees using it, hehe, which isn't really a problem since they all already have root access :-) It would also make it look like there really isn't a danger of crackers sniffing our telnet logins, which isn't really my goal here - I wanted to prove how necessary it is to switch over to ssh. I think this would instead prove that whoever would have top already be inside our box. So I guess my question is, is it really possible for crackers to sniff passwords on remote boxes? I was under the impression that it was possible, but maybe I'm wrong. JW At 04:28 PM 10/3/2000 -0400, you wrote:

...

libpcap is needed by any sniffer, AFAIK. what exactly do you want to sniff? just traffic? then tcpdump will do. if you want a powerfull tcpdump-type sniffer, get snort. if you want security-type sniffing, then get dsniff, which was designed specifically for sniffing passwords. of course, you can find all this software on freshmeat.

----- Original Message ----- From: Jonathan Wilson To: Sent: Tuesday, October 03, 2000 4:14 PM Subject: [SLE] Packet sniffer

...
Howdy,

I'm looking for a packet sniffer. I thought etheral looked nice but it wants libs I don't have, and since I'm probably only going to use this thing once or twice I really don't want to start off on a this-rpm-needs-that-rpm-that-needs-another-rpm............ you know what I mean :-).

error: failed build dependencies: libpcap >= 0.4 is needed by ethereal-0.8.9-1 ucd-snmp-devel is needed by ethereal-0.8.9-1 zlib-devel is needed by ethereal-0.8.9-1

What have any of the rest of you done? Should I just find and install those libs, will they mess anything up? Or is there a better sniffer that I should try to get? Is there anything that works on SuSE 6.4 "straight outta the box"?

JW

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

wilson＠claborn.net

3 Oct 3 Oct

20:32

*blushes* I just found the one that (duh) came with SuSE - assumed that SuSE didn't have one, since I looked under series sec. It was under n1. JW At 03:14 PM 10/3/2000 -0500, you wrote:

...

Howdy,

I'm looking for a packet sniffer. I thought etheral looked nice but it wants libs I don't have, and since I'm probably only going to use this thing once or twice I really don't want to start off on a this-rpm-needs-that-rpm-that-needs-another-rpm............ you know what I mean :-).

error: failed build dependencies: libpcap >= 0.4 is needed by ethereal-0.8.9-1 ucd-snmp-devel is needed by ethereal-0.8.9-1 zlib-devel is needed by ethereal-0.8.9-1

What have any of the rest of you done? Should I just find and install those libs, will they mess anything up? Or is there a better sniffer that I should try to get? Is there anything that works on SuSE 6.4 "straight outta the box"?

JW

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

kastus＠tsoft.com

4 Oct 4 Oct

06:09

I used iptraf (comes from package iptraf-1.2.0-131 on my 6.4 system) HTH, -Kastus On Tue, 3 Oct 2000, Jonathan Wilson wrote:

...

Howdy,

I'm looking for a packet sniffer. I thought etheral looked nice but it wants libs I don't have, and since I'm probably only going to use this thing once or twice I really don't want to start off on a this-rpm-needs-that-rpm-that-needs-another-rpm............ you know what I mean :-).

error: failed build dependencies: libpcap >= 0.4 is needed by ethereal-0.8.9-1 ucd-snmp-devel is needed by ethereal-0.8.9-1 zlib-devel is needed by ethereal-0.8.9-1

What have any of the rest of you done? Should I just find and install those libs, will they mess anything up? Or is there a better sniffer that I should try to get? Is there anything that works on SuSE 6.4 "straight outta the box"?

JW

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq

8607

Age (days ago)

8608

Last active (days ago)

List overview

Download

5 comments

3 participants

participants (3)

datatwirl＠gis.net
kastus＠tsoft.com
wilson＠claborn.net