.\" libsniffdet - A library for network sniffers detection
.\" Copyright (c) 2002
.\" Ademar de Souza Reis Jr. <[email protected]>
.\" Milton Soares Filho <[email protected]>
.\"
.\" This is free documentation; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of
.\" the License, or (at your option) any later version.
.\"
.\" The GNU General Public License's references to "object code"
.\" and "executables" are to be interpreted as the output of any
.\" document formatting or typesetting system, including
.\" intermediate and printed output.
.\"
.\" This manual is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public
.\" License along with this manual; if not, write to the Free
.\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111,
.\" USA.
.\"
.TH SNIFFDET 1 2002-11-25 "sniffdet manpage" "Remote Sniffer Detection Tool"
.SH NAME
sniffdet - Remote sniffer detection tool
.SH SYNOPSIS
.PP
sniffdet [options] TARGET
.PP
.SH DESCRIPTION
.PP
Sniffdet is an open source implementation of a set of tests for remote
sniffer detection in TCP/IP network environments. It is useful for
detecting remote sniffers or simply for discovering machines that are
running in promiscuous mode.
.PP
Sniffdet is very flexible and allows you to configure many of its options by
using the config file /etc/sniffdet.conf. It also supports plugins for
reporting the results of its tests (currently, XML and stdout output are
available).
.PP
You can see the full documentation at http://sniffdet.sourceforge.net
.PP
.SH OPTIONS
TARGET is a canonical hostname or a dotted decimal IPv4 address
.TP
\fB-i --iface=DEVICE\fR
Use network DEVICE interface for tests.
.br
Default is eth0 on Linux systems.
.TP
\fB-l --log=FILE\fR
Use FILE as the test log.
.br
Default is none
.TP
\fB-c --configfile=FILE\fR
Use FILE as configuration file for application.
.br
Default is /etc/sniffdet.conf
.TP
\fB-f --hostsfile=FILE\fR
Use FILE as the list of test targets. The file must be ASCII text with one
hostname, IP or network address per line. Comments start with '#'.
.TP
\fB-u --uid=UID\fR
Run program with UID (after dropping root).
.br
Default is UID 280 (from config file)
.TP
\fB-g --gid=GID\fR
Run program with GID (after dropping root)
.br
Default is GID 280 (from config file)
.TP
\fB-t --test=[testname]\fR
Perform the specified test(s).
.br
Where [testname] is a list composed of at least one of:
.br
\fBdns\fR DNS test
.br
\fBarp\fR ARP response test
.br
\fBicmp\fR ICMP ping response test
.br
\fBlatency\fR ICMP ping latency test
.br
.br
See the full documentation included with the
.br
library for information about all tests
.TP
\fB --pluginsdir=[directory]\fR
Select a directory where sniffdet will load plugins from
.TP
\fB-p --plugin=[plugin_name]\fR
Select a plugin to load (xml, stdout, etc).
.TP
\fB-f --targetsfile=[file]\fR
Scan all targets present in a file with a test.
.TP
\fB-v --verbose\fR
Run in verbose mode (extra output messages).
.br
Default is no.
.TP
\fB-s --silent\fR
Run in silent mode (no output messages).
.br
Default is no.
.TP
\fB-h, --help\fR
Show a help screen and exit
.TP
\fB--version\fR
Show version information and exit
.PP
.SH EXAMPLES
.PP
# sniffdet -i eth1 -t dns,arp,icmp foo.localdomain
.PP
Test the host foo.localdomain with dns, arp and icmp tests using the
interface eth1
.PP
.PP
# sniffdet -i eth0 -t latency foo.localdomain --plugin=xml
.PP
Test the machine foo.localdomain using the latency test through the
interface eth0. Output results using the xml plugin.
.SH BUGS
This program should be considered beta, since it has not been widely tested.
Your support is appreciated. :-)
.br
.PP
.PP
Also see our TODO file.
.SH COPYRIGHT
Copyright (c) 2002-2003
Ademar de Souza Reis Jr. <[email protected]>
Milton Soares Filho <[email protected]>
.SH SEE ALSO
.BR sniffdet.conf (5)
.BR libsniffdet (3)
.PP
.BR http://sniffdet.sourceforge.net