|
netleakd − Network Leak Finder daemon |
|
netleakd [OPTIONS] |
|
netleakd is a network sniffer that gathers packets sent by netleak(8) in a combined effort to detect network connectivity, or network leaks, between different network segments. |
|
--cfile <file> |
|
Alternate configuration file to use. By default netleakd will use ~/.netleakd, /usr/local/etc/netleakd.conf or /etc/netleakd.conf. |
|
--logfile <file> |
|
Logfile to use. netleakd prints found leaks to stdout, but logging to a file is wise since timestamps are then recorded as well. This works independently of the --syslog flag. |
|
--syslog |
|
Enable syslogging. This is turned on by default in the configuration file. |
|
--signature <string> |
|
String to search for inside the data field of each packet. This must be the same signature that netleak(8) used while sending, or nothing will be detected at all! |
|
--interface <iface> |
|
Network interface to listen on. Defaults to eth0. |
|
--notify <e-mail> |
|
When a packet has been positively identified by its signature, netleakd will send a notification e-mail to this address if enabled. This option limits itself to 1 mail every 30 seconds and should therefore only be used in addition to logging; otherwise information would be lost. |
|
--verbose |
|
Enable verbose mode. |
|
--help |
Show help information. |
|
To just start looking for packets that netleak(8) produces by default: |
|
#$ netleakd |
|
If netleak(8) was conducting a sweep on 10.0.0.0/24 with default signature, ICMP as protocol and the spoofing address correctly pointing to the host netleakd is running on, a packet that got through would look like this: |
|
[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166 |
|
This tells us that the internal host "10.0.0.3" leaked an ICMP-echo response with signature "IP:" through the gateway "192.0.34.166", which is the leaking gateway's IP address on the Internet. "10.0.0.3" might be the gateway itself on the inside, but remember that most responses will probably come from workstations, and when you actually detect leaks you get a whole bunch at a time, one of which is the gateway. |
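Since leaks arrive in bursts, it helps to group the reported internal hosts by leaking gateway. The following is an added example, not part of netleakd: it assumes every report follows the shape of the single sample line above and that a logfile timestamp, whose format is not documented here, may precede it.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed line shape, generalised from the one sample on this page:
#   [!] Found leak (<signature>) <host> (<proto> <type>:<code>) from <gateway>
# search() is used so an undocumented timestamp prefix is tolerated.
# A signature containing ")" would not parse with this pattern.
LEAK_RE = re.compile(
    r"\[!\] Found leak \((?P<sig>[^)]*)\) (?P<host>\S+) "
    r"\((?P<proto>\w+)(?: (?P<detail>[^)]*))?\) from (?P<gateway>\S+)"
)

# Constructed sample input; only the first line is taken from the page.
SAMPLE_LOG = """\
[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166
[!] Found leak (IP:) 10.0.0.17 (icmp 8:0) from 192.0.34.166
2006-01-01 12:00:00 [!] Found leak (IP:) 10.0.0.1 (icmp 8:0) from 192.0.34.166
[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166
some unrelated verbose line
[!] Found leak (IP:) 172.16.4.9 (icmp 8:0) from 198.51.100.7
"""

def parse_leak(line):
    """Return a dict for one leak report, or None if the line is not a valid one."""
    m = LEAK_RE.search(line)
    if m is None:
        return None
    try:
        # Both addresses originate from captured traffic: validate before use.
        host = ipaddress.ip_address(m["host"])
        gateway = ipaddress.ip_address(m["gateway"])
    except ValueError:
        return None
    return {"signature": m["sig"], "host": host, "gateway": gateway,
            "proto": m["proto"], "detail": m["detail"]}

def leaks_by_gateway(lines):
    """Map each leaking gateway to the sorted, de-duplicated hosts seen behind it."""
    seen = defaultdict(set)
    for line in lines:
        leak = parse_leak(line)
        if leak:
            seen[leak["gateway"]].add(leak["host"])
    order = lambda ip: (ip.version, int(ip))
    return {str(gw): [str(h) for h in sorted(hosts, key=order)]
            for gw, hosts in sorted(seen.items(), key=lambda kv: order(kv[0]))}

if __name__ == "__main__":
    for gw, hosts in leaks_by_gateway(SAMPLE_LOG.splitlines()).items():
        print(f"{gw}: {len(hosts)} internal host(s): {', '.join(hosts)}")
```
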
|
If you find any, please let me know. |
|
Jonas Hansen <jonas.v.hansen@gmail.com> |
|
~/.netleakd /etc/netleakd.conf /usr/local/etc/netleakd.conf |
|
netleak(8) |