Slashdot Mirror


A Network Sniffer On Steroids

QuantumCrypto writes "Errata has developed a new network sniffer, dubbed 'Ferret,' that looks for traffic using 25 protocols, including those for the popular instant message clients as well as DHCP, SNMP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web site queries, Web traffic and more. 'You don't realize how much you're making public, so I wrote a tool that tells you,' said Robert Graham, Errata's chief executive. Errata has released the source code to this version 1.0, 'feature-poor and buggy' tool on its site. Anyone with a wireless card will be able to run it, Graham said."

10 of 129 comments

  1. Broadcom cards? by ShaunC · · Score: 2, Interesting

    Does anyone know if there are any special driver requirements, beyond "anyone with a wireless card?" The documentation is rather...sparse. I've got a Broadcom wireless card in my laptop and it's generally a pain to get things like airodump going; it requires installing a debug driver, then rolling back the driver afterwards, and the network functionality itself is disabled during this period, at least with airodump.

    I'm curious if ferret can sniff without the added hassle...

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  2. Wireshark? by Hackeron · · Score: 5, Interesting

    How is this different to say wireshark or any other traffic analyzer?

    1. Re:Wireshark? by Red Flayer · · Score: 1, Interesting
      FTA:

      The Errata sniffer, dubbed Ferret, packs more punch than other network sniffers already available, such as Ethereal and Kismet, because it looks at so many different protocols, Graham said. Some at Black Hat called it a "network sniffer on steroids."

      Reading. It's what's for knowledge.

      Oh, and Wireshark was Ethereal. They had to change the name due to trademark concerns.
      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    2. Re:Wireshark? by twistah · · Score: 2, Interesting

      By your logic, Wireshark is no different than tcpdump. But obviously, they are different. Wireshark is great at dissecting packets, not just dumping them in hex format. Ferret is good for sniffing broadcast information, such as NetBIOS traffic and iTunes DAAP, which can assist you in getting a picture of the current network. That's all it does. Yes, they are all pcap based, but they serve different purposes.

      Just like you could use Wireshark to sniff for passwords (or, hell, even tcpdump + ngrep), but it's a lot easier to use dsniff or Cain. I think Ferret is interesting stuff, as long as they develop it beyond a proof-of-concept. (Note that I only spent a few minutes reading about the tool, sorry for any misinformation.)

    3. Re:Wireshark? by slickwillie · · Score: 2, Interesting

      Well, for one thing Ethereal (Wireshark) used to have the best slogan on the Net:

      "Sniffing the glue that holds the Internet together."

  3. From TFA by Who235 · · Score: 2, Interesting

    "If the government was taking this information from you, people would be up in arms."

    First of all, they probably are sniffing you whenever it's convenient (like at the airport).

    Second of all, people sadly don't seem to care all that much.

    This looks like a cool tool, and I share the hope of an earlier poster that it will work with Broadcom cards - since that's what I have.
  4. Anyone remember a Mac one from 99/2000? by Kadin2048 · · Score: 3, Interesting

    Does anyone remember a Mac utility that came out a while back (by which I mean, maybe 5 or so years ago), that would put an Airport into promiscuous mode, and sniff for traffic, and then decode and display any images that it sniffed? It was a pretty amusing little program; I think I remember reading that it was thrown together at MacHack and won best of show, or some other honor.

    Basically you could run it, and it would give you an idea of what everyone on the wireless network was browsing, in the clear, at that moment, all sort of jumbled together.

    I've always wanted something like that, to use as a demonstration of how insecure most wireless APs (unencrypted ones) are, for nontechnical people, but I've never been able to find it, or any record of it. Sometimes I wonder if I just hallucinated the whole story.

    It would be a heck of a demo to just run something like that, particularly if you could target a particular connection, and then tell someone to load a web page, and be able to instantly display some or all of the page, or at least its images, in real time, to prove that you really were listening in on what they were doing. Most packet sniffers don't provide any direct, obvious, graphical output of stuff they sniff, and that's frankly just not dramatic enough to make an impression.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  5. EVERYTHING about this article is wrong. by jurgen · · Score: 4, Interesting
    This is a great example of the worst of slashdot (which isn't saying much)... just about everything in this article as it appears on the main page is wrong, word for word.
    • Category: YRO... why? What does this have to do with "rights"?

    • Title: "Sniffer on Steroids". Nothing steroidal about it... according to the authors of the software it is a buggy piece of shit whipped up quickly to demonstrate a very /specific/ type of traffic analysis for a talk.

    • "Looks for traffic using 25 protocols". Uh no, it doesn't use the protocols, it analyzes them.

    • List of protocols and applications... misses the point entirely, as any other sniffer can also "capture" all those protocols. The point is that this program looks for and explicitly points to information within those protocols that you probably didn't realize was "seeping" out with those protocols. Mind you, you could still find all that same information with ANY OTHER SNIFFER... there is nothing technologically new about this sniffer. Rather, the authors have made a list of things that "seep" out with various applications and protocols that most people haven't thought of, and have written a simple ordinary sniffer that explicitly includes this list.

    • "Anyone with a wireless card will be able to run it"... uhm, yeah, anyone with a WINDOWS machine and the right kind of wireless card. Doh.

    Even for slashdot, that's pretty bad, eh?

    :j
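
The kind of protocol "seepage" the comment above describes, as an added example that is not part of the thread or of Ferret's source: a DHCP request, one of the protocols named in the summary, broadcasts details about the client to every listener on the segment. The packet below is constructed sample data, and the choice of options to report (hostname, requested IP, vendor class) is an assumption made for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options
# Option codes that describe the client itself (illustrative selection).
REVEALING = {12: "hostname", 50: "requested_ip", 60: "vendor_class"}

def build_sample_request():
    """Constructed DHCPREQUEST payload (sample data, not captured traffic)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, 0x12345678, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        bytes.fromhex("020000aabbcc"), b"", b"")
    options = [(53, b"\x03"),                       # message type: REQUEST
               (50, socket.inet_aton("192.168.1.23")),
               (12, b"alice-laptop"),
               (60, b"MSFT 5.0")]
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return fixed + MAGIC + body + b"\xff"           # 255 = end of options

def leaked_fields(payload):
    """Return the client-identifying fields visible in a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    hlen = min(payload[2], 16)                      # hardware address length
    found = {"client_mac": payload[28:28 + hlen].hex(":")}
    i = 240
    while i < len(payload) and payload[i] != 255:
        code = payload[i]
        if code == 0:                               # pad option has no length
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                   # truncated: no length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                                   # truncated option body
        if code == 50 and length == 4:
            found[REVEALING[code]] = socket.inet_ntoa(value)
        elif code in REVEALING:
            found[REVEALING[code]] = value.decode("ascii", "replace")
        i += 2 + length
    return found

if __name__ == "__main__":
    for name, value in leaked_fields(build_sample_request()).items():
        print(f"{name:13} {value}")
```
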

  6. They probably already are by Weaselmancer · · Score: 2, Interesting

    I have a friend who works at Best Buy/Geek Squad. A guy came in with a government contract and a laptop, needing repairs. He was making small talk and said his job was to wardrive around and break into people's home computers and search them for child porn.

    Take it with a grain of salt - the guy was just some dude with a busted laptop walking into a Best Buy. But he did have a government contract, and a lot of wireless sniffer software on his machine.

    --
    Weaselmancer
    rediculous.
    1. Re:They probably already are by Lord Ender · · Score: 3, Interesting

      Right. He had advanced security software, a van with sophisticated antennas, and no IT department to fix failures of their own equipment. So he takes it to Best Buy, where the teenage "technicians" install unnecessary anti-virus software, which proceeds to wipe out ("clean") all his security software...

      Yeah, right. They don't make salt grains big enough.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.