Information Security News
Are you looking for another packet sniffer? justniffer is a packet sniffer with some interesting features. According to the author, this packet sniffer can rebuild and save HTTP file content sent over the network. It uses portions of Linux kernel source code for handling all TCP/IP stuff. Precisely, it uses a slightly modified version of the libnids libraries that already include a modified version of Linux code in a more reusable way. The tarball can be downloaded here and a package is already available for Ubuntu.
The binary execution is pretty straightforward, you can capture/read of the wire or replay captured pcap files. This example (using -l option for custom log format) will output the Time, Destination IP, Website and URL:
justniffer -l %request.timestamp %dest.ip %request.header.host %request.url -f file.pcap
11/01/14 17:31:42 126.96.36.199 www.blackberry.com /select/wifiloginsuccess/EN/
11/01/14 13:08:45 188.8.131.52 init.ess.apple.com /WebObjects/VCInit.woa/wa/getBag?ix=1
11/01/14 12:55:27 184.108.40.206 fonts.gstatic.com /s/droidserif/v6/0AKsP294HTD-nvJgucYTaOL2WfuF7Qc3ANwCvwl0TnA.woff2
11/01/14 12:55:26 220.127.116.11 fonts.googleapis.com /css?family=Droid+Serif:regular|Crimson+Text:italic
justniffer-grab-http-traffic -d /tmp/web_traffic -U nobody -i eth1
It can decode other protocols by reading them in raw format. For example, just reading an email without any options output the follow summary information:
[email protected]:/tmp/justniffer -f mail_mime.pcap
192.168.37.202 - - [-] test.mail.ca 0
192.168.37.202 - - [29/Dec/2008:19:35:08 -0500] HELO web88101.mail.re2.yahoo.com mail.server.ca 0
192.168.37.202 - - [29/Dec/2008:19:35:08 -0500] MAIL FROM:
192.168.37.202 - - [29/Dec/2008:19:35:08 -0500] RCPT TO:
192.168.37.202 - - [29/Dec/2008:19:35:08 -0500] DATA Enter 0
192.168.37.202 - - [29/Dec/2008:19:35:10 -0500] 30 Dec 2008 00:35:02 -0000 2.0.0 0
192.168.37.202 - - [29/Dec/2008:19:35:10 -0500] QUIT 2.0.0 0
Adding raw Mon, 29 Dec 2008 19:35:08 -0500 (EST)
250 test.mail.ca Hello web88101.mail.re2.yahoo.com [18.104.22.168], pleased to meet you
354 Enter mail, end with . on a line by itself
This is another tool alternative to capture and analyze traffic that can be added to your tool bag. Give it a try.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Industry News: FireEye Partners with Verizon
FireEye and Verizon Enterprise Solutions have partnered to offer Verizon managed services and FireEye advanced threat protection capabilities. The companies say the combination of FireEye technology and Verizon managed security services capabilities ...
BBX Capital Corporation Reports Financial Results for the Third Quarter, 2014
Copies of the documents filed with the SEC by BFC are available free of charge on BFC's website at www.bfcfinancial.com under the tab "Investor Relations - Regulatory Info - SEC Filings" or by directing a request by mail to BFC Financial Corporation ...
BFC Financial Corporation Reports Financial Results for the Third Quarter, 2014