Slashdot Mirror


A Network Sniffer On Steroids

QuantumCrypto writes "Errata has developed a new network sniffer, dubbed 'Ferret,' that looks for traffic using 25 protocols, including those for the popular instant message clients as well as DHCP, SNMP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web site queries, Web traffic and more. 'You don't realize how much you're making public, so I wrote a tool that tells you,' said Robert Graham, Errata's chief executive. Errata has released the source code to this version 1.0, 'feature-poor and buggy' tool on its site. Anyone with a wireless card will be able to run it, Graham said."

4 of 129 comments

  1. Brilliant by Gothmolly · Score: 2, Insightful

    You mean that by analyzing my DNS and HTTP traffic, either in the clear or from a cracked WEP session, that you can infer, or worse, identify, certain definite pieces of information about my Internet usage habits?
    Boy, if I had a tool that could do that, I'd certainly astroturf it on Slashdot.

    --
    I want to delete my account but Slashdot doesn't allow it.
  2. Re:Broadcom cards? by Kadin2048 · Score: 5, Insightful

    Broadcom chipsets are absolute and utter crap. DO NOT USE THEM.

    The problem is that you could toss out your crappy, but admittedly working, Broadcom-based card, and inadvertently pick up a Marvell one instead, or one of the newer ones that have some sort of proprietary binary blob firmware that gets loaded by the driver, and will probably never, ever have legitimate Linux drivers.

    If you have a wireless card that actually works on Linux, here's a piece of advice: get on your knees and thank the deity of your choice for smiling on you, and not leading you astray into the Purgatory of identical-model-number-but-different-chipsets, or the Hell of alpha-quality drivers. And then, don't mess with anything.

    And if you got AES working, sacrifice a goat.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  3. Re:Broadcom cards? by caluml · Score: 5, Insightful

    If you have a wireless card that actually works on Linux,

    Just check what card it is before you buy, and don't buy any that don't have Open Source, native Linux support. It's what I do. Cisco, Orinoco, the new Intel IPW drivers.
    If you buy something that doesn't work, don't cry when it doesn't work.

  4. Re:Wireshark? by s_p_oneil · Score: 4, Insightful

    Over 99% of Internet users wouldn't have a clue how to use Wireshark. "What are all these SYN messages? Are they caused by a virus or spyware?"

    Actually, that's a gross exaggeration. Very few Internet users would even be able to figure out how to start a capture in Wireshark. The more timid ones wouldn't even make it to the "No capture interface selected!" error, and most of the rest would be lost when they ran into that.

    If Ferret successfully dumbs it down, then it could be quite useful to a lot of Internet users. In that case, I wouldn't say it was a sniffer on steroids though. More like a "for dummies" version.