DragonFly On-Line Manual Pages



NETLEAKD(8)               Network Leak Finder Daemon               NETLEAKD(8)

NAME

netleakd - Network Leak Finder daemon

SYNOPSIS

netleakd [OPTIONS]

DESCRIPTION

netleakd is a network sniffer that gathers packets sent by netleak(8) in a combined effort to detect network connectivity, or network leaks, between different network segments.

OPTIONS

--cfile <file>
       Alternate configuration file to use. By default netleakd will use ~/.netleakd, /usr/local/etc/netleakd.conf or /etc/netleakd.conf.

--logfile <file>
       Logfile to use. netleakd prints found leaks onto stdout, but logging to a file would be wise since timestamps would also appear. This works independently of the --syslog flag.

--syslog
       Enable syslogging. This is turned on by default in the configuration file.

--signature <string>
       String to search for inside the data field of each packet. This must be the same signature that netleak(8) used while sending, or nothing will be detected at all!

--interface <iface>
       Network interface to listen on. Defaults to eth0.

--notify <e-mail>
       When a packet has been positively identified by its signature, netleakd will send a notification e-mail to this address if enabled. This option limits itself to 1 mail every 30 seconds and should therefore only be used in addition to logging; otherwise information would be lost.

--verbose
       Enable verbose mode.

--help
       Show help information.

EXAMPLES

To just start looking for packets that netleak(8) produces by default:

       #$ netleakd

If netleak(8) was conducting a sweep on 10.0.0.0/24 with the default signature, ICMP as protocol and the spoofing address correctly pointing to the host netleakd is running on, a packet that got through would look like this:

       [!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166

This tells us that the internal host "10.0.0.3" leaked an ICMP-echo response with signature "IP:" through the gateway "192.0.34.166", which is the leaking gateway's IP address on the Internet. "10.0.0.3" might be the gateway itself on the inside, but remember that most responses will probably come from workstations, and when you actually detect leaks you get a whole bunch at a time - where one of them is the gateway.
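Because leaks arrive in bunches and --notify sends at most one mail every 30 seconds, the captured output is the complete record. The following added example (not part of netleakd or of the original manual page) groups leak lines by leaking gateway. It assumes the line format shown above; the timestamp prefix, the second gateway and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the leak line shown in EXAMPLES. Searched anywhere in the line, so a
# log-file timestamp prefix (its format is not documented here) is tolerated.
# Assumption: protocols other than ICMP may omit the "type:code" detail.
LEAK_RE = re.compile(
    r"\[!\] Found leak \((?P<sig>.*?)\) (?P<inner>\S+) "
    r"\((?P<proto>\w+)(?: (?P<detail>[^)]*))?\) from (?P<gateway>\S+)"
)

# Constructed sample output; only the first line is taken from the manual page.
SAMPLE_OUTPUT = """\
[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166
Jan 12 10:00:01 [!] Found leak (IP:) 10.0.0.7 (icmp 8:0) from 192.0.34.166
[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166
[!] Found leak (IP:) 172.16.5.9 (icmp 8:0) from 198.51.100.20
some unrelated verbose line
"""

def parse_leaks(lines):
    """Yield one dict per leak line; anything else is skipped."""
    for line in lines:
        m = LEAK_RE.search(line)
        if not m:
            continue
        try:
            inner = ipaddress.ip_address(m["inner"])
            gateway = ipaddress.ip_address(m["gateway"])
        except ValueError:
            continue  # address fields are not IPs: not the documented form
        yield {"signature": m["sig"], "inner": inner, "gateway": gateway,
               "proto": m["proto"], "detail": m["detail"]}

def leaks_by_gateway(lines):
    """Map each leaking gateway to the sorted, de-duplicated inside hosts."""
    seen = defaultdict(set)
    for leak in parse_leaks(lines):
        seen[leak["gateway"]].add(leak["inner"])
    order = lambda a: (a.version, int(a))  # numeric sort, IPv4 before IPv6
    return {str(gw): [str(h) for h in sorted(hosts, key=order)]
            for gw, hosts in seen.items()}

if __name__ == "__main__":
    for gw, hosts in leaks_by_gateway(SAMPLE_OUTPUT.splitlines()).items():
        print(f"{gw}: {len(hosts)} inside host(s): {', '.join(hosts)}")
```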

BUGS

If you find any, please let me know.

AUTHOR

Jonas Hansen <jonas.v.hansen@gmail.com>

FILES

~/.netleakd
/etc/netleakd.conf
/usr/local/etc/netleakd.conf

SEE ALSO

netleak(8)

NETLEAKD(8)                      JANUARY 2005                      NETLEAKD(8)
