Manual Reference Pages  -  NETLEAKD (8)

NAME

netleakd - Network Leak Finder daemon

CONTENTS

Synopsis
Description
Options
Examples
Bugs
Author
Files
See Also

SYNOPSIS

netleakd [OPTIONS]

DESCRIPTION

netleakd is a network sniffer that gathers packets sent by netleak(8) in a combined effort to detect network connectivity, or network leaks, between different network segments.

OPTIONS

--cfile <file> Alternate configuration file to use. By default netleakd will use ~/.netleakd, /usr/local/etc/netleakd.conf or /etc/netleakd.conf.
--logfile <file> Logfile to use. netleakd prints found leaks to stdout, but logging to a file is wise because timestamps then appear as well. This works independently of the --syslog flag.
--syslog Enable syslogging. This is turned on by default in the configuration file.
--signature <string> String to search for inside the data field of each packet. This must be the same signature that netleak(8) used while sending, or nothing will be detected at all!
--interface <iface> Network interface to listen on. Defaults to eth0.
--notify <e-mail> When a packet has been positively identified by its signature, netleakd will send a notification e-mail to this address if enabled. This option limits itself to 1 mail every 30 seconds and should therefore only be used in addition to logging; otherwise information would be lost.
--verbose Enable verbose mode.
--help Show help information.

EXAMPLES

To just start looking for packets that netleak(8) produces by default:

#$ netleakd

If netleak(8) was conducting a sweep on 10.0.0.0/24 with default signature, ICMP as protocol and the spoofing address correctly pointing to the host netleakd is running on, a packet that got through would look like this:

[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166

This tells us that the internal host "10.0.0.3" leaked an ICMP-echo response with signature "IP:" through the gateway "192.0.34.166", which is the leaking gateway's IP address on the Internet. "10.0.0.3" might be the gateway itself on the inside, but remember that most responses will probably be workstations, and when you actually detect leaks you get a whole bunch at a time, one of which is the gateway.

BUGS

If you find any, please let me know.

AUTHOR

Jonas Hansen <jonas.v.hansen@gmail.com>

FILES

~/.netleakd

/etc/netleakd.conf

/usr/local/etc/netleakd.conf

SEE ALSO

netleak (8)


NETLEAKD(8) NETLEAKD (8) JANUARY 2005
