Full Discussion: snoop equivalent
UNIX for Dummies Questions & Answers: Post 35614 by google on Tuesday 22nd of April 2003 10:17:18 PM
Also have a look at ettercap --> http://ettercap.sourceforge.net/

Used it in a test lab some... here is the write-up from freshmeat.net

About:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
 

transfer::connect(n)          Data transfer facilities          transfer::connect(n)

NAME
       transfer::connect - Connection setup

SYNOPSIS
       package require Tcl 8.4
       package require snit ?1.0?
       package require transfer::connect ?0.1?

       transfer::connect object ?options...?
       object destroy
       object connect command

DESCRIPTION
       This package provides objects holding enough information to enable them
       to either connect to a counterpart, or to be connected to by said
       counterpart. I.e. any object created by this package is always in one of
       two complementary modes, called active (the object initiates the
       connection) and passive (the object receives the connection).

       Of the two objects in a connecting pair one has to be configured for
       active mode, and the other then has to be configured for passive mode.
       This establishes which of the two partners connects to whom (the active
       to the other), or, who is waiting on whom (the passive on the other).
       Note that this is completely independent of the direction of any data
       transmission using the connection after it has been established. An
       active node can, after establishing the connection, either transmit or
       receive data. Equivalently the passive node can do the same after the
       wait for its partner has ended.

API
       transfer::connect object ?options...?
              This command creates and configures a new connection object. The
              fully qualified name of the object command is returned as the
              result of the command.

              The recognized options are listed below.

              -mode mode
                     This option specifies the mode the object is in. It is
                     optional and defaults to active mode. The two possible
                     modes are:

                     active In this mode the two options -host and -port are
                            relevant and specify the host and TCP port the
                            object has to connect to. The host is given by
                            either name or IP address.

                     passive
                            In this mode the option -host has no relevance and
                            is ignored should it be configured. The only option
                            the object needs is -port, and it specifies the TCP
                            port on which the listening socket is opened to
                            await the connection from the partner.

              -host hostname-or-ipaddr
                     This option specifies the host to connect to in active
                     mode, either by name or IP address. An object configured
                     for passive mode ignores this option.

              -port int
                     For active mode this option specifies the port the object
                     is expected to connect to. For passive mode however it is
                     the port where the object creates the listening socket
                     waiting for a connection. It defaults to 0, which allows
                     the OS to choose the actual port to listen on.

              -encoding encodingname
              -eofchar eofspec
              -translation transspec
                     These options are the same as are recognized by the
                     builtin command fconfigure. They provide the configuration
                     to be set for the channel between the two partners after
                     it has been established, but before the callback is
                     invoked (See method connect).

       object destroy
              This method destroys the object. This is safe to do for an active
              object when a connection has been started, as the completion
              callback is synchronous. For a passive object currently waiting
              for its partner to establish the connection however this is not
              safe and will cause errors later on, when the connection setup
              completes and tries to access the now missing data structures of
              the destroyed object.

       object connect command
              This method starts the connection setup per the configuration of
              the object. When the connection is established the callback
              command will be invoked with one additional argument, the channel
              handle of the socket over which data can be transferred.

              The detailed behaviour of the method depends on the configured
              mode.

              For an active object the connection setup is done synchronously.
              I.e. the object will wait until the connection is established. In
              that mode the method returns the empty string as its result.

              A passive object however operates asynchronously. The method will
              return immediately after a listener has been set up and the
              connection will be established in the background. In that mode
              the method returns the port number of the listening socket, for
              use by the caller, like transferring this information to the
              counterpart so that it may know where to connect to. This is
              necessary as the object might have been configured for port 0,
              allowing the OS to choose the actual port it will listen on.

              The listening port is closed immediately when the connection was
              established by the partner, to keep the time interval small
              within which a third party can connect to the port too. Even so
              it is recommended to use additional measures in the protocol
              outside of the connect and transfer object to ensure that a
              connection is not used with an unidentified/unauthorized partner.

BUGS, IDEAS, FEEDBACK
       This document, and the package it describes, will undoubtedly contain
       bugs and other problems. Please report such in the category transfer of
       the Tcllib SF Trackers [http://sourceforge.net/tracker/?group_id=12883].
       Please also report any ideas for enhancements you may have for either
       package and/or documentation.

KEYWORDS
       active, channel, connection, passive, transfer

COPYRIGHT
       Copyright (c) 2006 Andreas Kupries <andreas_kupries@users.sourceforge.net>

transfer                             0.1                  transfer::connect(n)
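
The manual's closing recommendation for "object connect" (ensure the connection is not used with an unidentified partner) can be met with a challenge-response step run over the freshly accepted channel. The following is an added Python model of that pattern, not code from the transfer::connect package or from Tcllib; the shared secret, the 16-byte nonce, HMAC-SHA256 and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os
import socket
import threading

SECRET = b"constructed-demo-secret"  # assumption: shared out of band


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:  # TCP may deliver short reads
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf


def passive_accept(srv, key, out):
    """Accept one partner, close the listener at once, then authenticate."""
    conn, _ = srv.accept()
    srv.close()  # listener gone: nobody else can connect to this port now
    with conn:
        nonce = os.urandom(16)  # fresh challenge, so old proofs cannot be replayed
        conn.sendall(nonce)
        want = hmac.new(key, nonce, hashlib.sha256).digest()
        out["ok"] = hmac.compare_digest(recv_exact(conn, 32), want)
        conn.sendall(b"\x01" if out["ok"] else b"\x00")


def active_connect(port, key):
    """Connect, answer the challenge, return the passive side's verdict."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        nonce = recv_exact(s, 16)
        s.sendall(hmac.new(key, nonce, hashlib.sha256).digest())
        return recv_exact(s, 1) == b"\x01"


def run_pair(active_key):
    """Passive side listens on port 0 (OS-chosen); active side dials in."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]  # what a passive 'object connect' returns
    out = {}
    t = threading.Thread(target=passive_accept, args=(srv, SECRET, out))
    t.start()
    verdict = active_connect(port, active_key)
    t.join()
    return out["ok"], verdict
```

Only the connecting partner is authenticated here; mutual authentication would need a second challenge in the other direction.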