NAME

SYNOPSIS

DESCRIPTION

OPTIONS

--cfile <file>

Alternate configuration file to use. By default netleakd will use ~/.netleakd /usr/local/etc/netleakd.conf or /etc/netleakd.conf.

--logfile <file>

Logfile to use. netleakd prints found leaks onto stdout but logging to a file would be wise since timestamps also would appear. This works independantly from the --syslog flag.

--syslog

Enable syslogging. This is turned on by default in the configuration file.

--signature <string>

String to search for inside the datafield of each packet. This must be the same signature that netleak(8) used while sending or nothing will be detected at all!

--interface <iface>

Network interface to listen on. Defaults to eth0

--notify <e-mail>

When a packet have positively been identified by its signature, netleakd will send a notification e-mail to this address if enabled. This option will limit itself to 1 mail every 30 seconds and should therefore only be used in addition to logging or information would otherwise be lost.

--verbose

Enable verbose mode.

--help

Show help information.

EXAMPLES

#$ netleakd

If netleak(8) was conducting a sweep on 10.0.0.0/24 with default signature, ICMP as protocol and the spoofing address correctly pointing to the host netleakd is running on, a packet that got through would look like this:

[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166

This tells us that the internal host "10.0.0.3" leaked an ICMP-echo response with signature "IP:" through the gateway "192.0.34.166", which is the leaking gateways ip-address on the Internet. "10.0.0.3" might be the gateway itself on the inside but remember that most responses will probably be workstations and when you actually detect leaks you get a whole bunch at a time - where one of them is the gateway.

BUGS

AUTHOR

FILES

/etc/netleakd.conf

/usr/local/etc/netleakd.conf

SEE ALSO