exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

sniffit-FAQ.html

sniffit-FAQ.html
Posted Aug 17, 1999
Site reptile.rug.ac.be

The Sniffit-FAQ V.0.2

tags | tool, sniffer
SHA-256 | 05be3bd26f7332ec4d4787ba872d559166783e69cf328cdbc6da5eef6b7af976

sniffit-FAQ.html

Change Mirror Download
<HTML>
<HEAD>
<TITLE>Sniffit-FAQ Page</TITLE>
</HEAD>
<BODY BGCOLOR="#000000" TEXT="#2BA306" LINK="#64EC18" VLINK="#3FEC3C">
<A HREF="sniffit.html">Back to previous page</A>

<PRE>
------[ The Sniffit-FAQ V.0.2]------------------------------------------------

As the same questions keep popping up in my mailbox, I decided to write a
Sniffit-FAQ.

------[ The Questions ]-------------------------------------------------------

0. Why do we have to wait so long for a new version?

1. 'sniffit -i' doesn't work. It says unknown option.

1.b. I'm sure I have NCURSES, but I still have that problem!

2. I can only see packets to/from my own computer, what is wrong? (BTW:
I'm on PPP).

3. I have e.g. to ethernetcards, but 'sniffit -F /dev/eth1' doesn't work,
why?

4. How can I find the device names?

5. Why can't my LINUX capture packets?

6. I'm on a BSD/BSDi/FreeBSD/... , When starting Sniffit I get: "Couldn't open
device", what is wrong?

------[ The Answers ]---------------------------------------------------------

0. Why do we have to wait so long for a new version?

Simple... Those of you who were at HIP 97 have a preview version
(0.3.6 alpha). I didn't have time to finish and clean it up yet.
This is due to the fact that this is my last year of electronic
engineering and that I'm up to my neck in project work.
It's now official ;) after my finals I will have time again for Sniffit work!
But don't worry, I'm not going to stop development!!

1. 'sniffit -i' doesn't work. It says unknown option.

Prior to 0.3.5 you had to configure Sniffit manual, that was a drag,
so I made it configure itself. Problem now is that it is too automatic.
When running the 'configure' script, it looks for 'ncurses' (which is
needed for the interactive mode), when it does not find 'ncurses', it
just excludes interactive mode, so '-i' becomes an unknown option.
Solution: if you haven't got 'ncurses', install it (to be found at any
sunsite mirror). If you are sure you have it, well it probably isn't
in the right directories, maybe use some symbolic links.
These are the dirs 'configue' looks in:
/usr/include:/usr/include/ncurses:/usr/include/curses
/usr/local/include:/usr/local/include/ncurses:
/usr/local/include/curses
and as of 0.3.6 Sniffit also looks in:
./:./ncurses
(BTW: it looks for a file 'ncurses.h')

1.b. I'm sure I have NCURSES, but I still have that problem!

Sometimes you have NCURSES, but no 'ncurses.h' file. Simple, just link
(soft) 'ncurses.h' to 'curses.h'.

2. I can only see packets to/from my own computer, what is wrong? (BTW:
I'm on PPP)

PPP: Point to Point connection.
Per defenition, this protocol will only carry packets that contain
information for the connected computer.
As a consequence on your side, you see only things that got to/come
from your computer, so Sniffit works fine.
To see traffic of whole subnets, you need protocols like ethernet (the
coax cable).

3. I have e.g. to ethernetcards, but 'sniffit -F /dev/eth1' doesn't work,
why?

Don't put any path in front of the devices. These names aren't even
listed in /dev/.
The correct line would be: 'sniffit -F eth1'

4. How can I find the device names?

Well in case Sniffit doesn't find the correct name itself, you will
have to find it, and use the '-F' parameter.
The devices can be found by using the 'ifconfig' or 'route' commands.

5. Why can't my LINUX capture packets?

You should upgrade the kernel.
Normally Sniffit should work on all kernels older then 2.0.0.
But I advise using a kernel older then 2.0.25.
(You could also downgrade the libpcap version to that used wityh
Sniffit 0.3.3 if all else fails)

6. I'm on a BSD/BSDi/FreeBSD/... , When starting Sniffit I get: "Couldn't open
device", what is wrong?

Just recompile your kernel with BPF support and all will be fine.
(Packet Filter support)

------[ The End ]-------------------------------------------------------------

</PRE>


<BR><CENTER><IMG SRC="../pagetail.jpg"></CENTER></BR>
<ADDRESS>
Brecht Claerhout: <A HREF="mailto:coder@reptile.rug.ac.be">
coder@reptile.rug.ac.be</A>
</ADDRESS>
</BODY>
</HTML>
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close