Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Network Sniffer On Steroids

Posted by kdawson on from the data-seepage dept.

QuantumCrypto writes "Errata has developed a new network sniffer, dubbed 'Ferret,' that looks for traffic using 25 protocols, including those for the popular instant message clients as well as DHCP, SNMP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web sites queries, Web traffic and more. 'You don't realize how much you're making public, so I wrote a tool that tells you,' said Robert Graham, Errata's chief executive. Errata has released the source code to this version 1.0, 'feature-poor and buggy' tool on its site. Anyone with a wireless card will be able to run it, Graham said."

6 of 129 comments (clear)

  1. Re:Wireshark? by Arkaic · · Score: 3, Informative

    Umm. Wireshark/Ethereal have had Win32 versions for quite some time. From reading the article and the download page I see nothing which distinguishes this app from others which were done first, and better.

  2. Re:Wireshark? by Hackeron · · Score: 5, Informative

    After reading their presentation and other material, here's how it's different to wireshark -- the packet analyzer part is just one of it's features:

    1) It can respond to various requests like DHCP requests (so it's like a lightweight collection of servers?)
    2) It has a port scanner to show running services (like nmap)
    3) It has kismet/netscambler functionality to break into wireless access points
    4) They go on and on about it not looking at data leakage but intential data like startup programs querying servers, etc -- After 6-7 pages of explaining this I still don't see the difference...

    At the end of the day, this looks like wireshark+nmap+kismet tied together made for the intent of tracking desired actions like buying new hardware in a firm

    So looks like move along, nothing to see her to me but I get the steroid bit now

  3. Re:Anyone remember a Mac one from 99/2000? by maxume · · Score: 4, Informative

    http://www.etherpeg.org/

    (I have no idea if it works with newer hardware/drivers, but I am pretty sure this is what you are talking about.)

    On linux:

    http://www.ex-parrot.com/~chris/driftnet/

    --
    Nerd rage is the funniest rage.
  4. Wireshark, anyone? by drix · · Score: 3, Informative

    Wireshark does waaaaay more than 25 protocols.

    --

    I think there is a world market for maybe five personal web logs.
  5. Wireshark does NOT do this by Anonymous Coward · · Score: 3, Informative

    What makes this sniffer stand out is not the fact that it can parse different protocol formats -- it's that it collects relevant data in a meaningful summary.

    For example, any sniffer can filter and then parse HTTP traffic, but an analyzer like this one tells you relevant bits like someone's web account names.

  6. Good Linux WIFI Cards by stevenm86 · · Score: 4, Informative

    Good for linux- with monitor mode

    * Atheros-based cards. Strangely, I don't hear these mentioned very often, but they have excellent support, complete with monitor mode, creating multiple interfaces from one card, etc. Oh and airpwn supports it :) - http://madwifi.org

    * Intel Pro Wireless (2100 / 2200 / 2950) - Works well, has monitor mode, wep in hardware, drivers actually developed by intel - http://ipw2200.sf.net and in the kernel at this point

    * Orinoco / Hermes / Lucent cards - in the kernel

    * Cards based on the Prism chipset based (http://prism54.org) BE WARNED though, some of the newer ones require "softmac" firmware which is currently not working all that well

    I have used a card from all of these manufacturers and if I were getting a new laptop, I would probably go with Atheros and if not that, then Intel.