Penetration Testing mailing list archives
Re: [PEN-TEST] Deploying a Win32 Sniffer
From: Ryan Permeh <ryan () EEYE COM>
Date: Thu, 30 Nov 2000 10:58:10 -0800
The new winpcap drivers are dynaload, and so are the pcausa ndis drivers. You probably still need to do a reboot on nt 4, but on win2k, you shouldn't have to. We make Iris that is released, and captures packets using a dynaload driver, but is graphical in nature. It could, however, generate trace files that could be grabbed and processed off the target host.

Signed,
Ryan
eEye Digital Security Team
http://www.eEye.com

----- Original Message -----
From: "The Picard" <thepicard () HOME COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Wednesday, November 29, 2000 7:34 PM
Subject: Re: Deploying a Win32 Sniffer

Also, the people from NT Objectives have a dynamically-loading version of windump, dubbed 2.03, which doesn't require a reboot. However, it's not stable and I've found that it messes up the network communication and/or freezes the machine after several uses.

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On Behalf Of MadHat
Sent: None
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: Deploying a Win32 Sniffer

At 04:36 PM 11/28/2000 -0500, you wrote:

I have heard several people say that once you compromise a minor target you might want to install a packet sniffer to pick up IDs and passwords on the wire. The sniffers I have used (for example, DSniff for Win32) require a packet driver to be installed on the system and it be rebooted. Is there some way to sniff IDs/Passwords without that type of packet driver?

buttsniffer (http://packetstorm.securify.com/sniffers/buttsniffer) is the only one I know of that is out. And can cause problems like crashing the machine. I have only played with it a little, so YMMV...

Foundstone says they have one called fsniff that will work, but they haven't released it as of yet...

MadHat at unspecific.com