Posted on 2004-8-31 00:44:53
As I recall, it isn't a graphical tool.
This is version 0.0.1 of Smbsniff, a LanManager file sniffer for unix.
Smbsniff is maintained by Frederic Lavecot : Frederic.Lavecot@hsc.fr
**** Please read this file to the end as it gives important information
**** and it's not very long
**** or at least read section "WHAT YOU NEED TO KNOW BEFORE USING SMBSNIF"
WHAT IS SMBSNIF ?
-----------------
Smbsniff is a LanManager packet sniffer that will write to your disk all the
files shared and the documents printed in a LanManager environment (all
the Microsoft and Samba machines using LanManager protocol to share data).
WHY WOULD YOU WANT TO USE SMBSNIF ?
-----------------------------------
To show people (your boss ?) how insecure this protocol is, for debugging
purposes, for fun, ...
WHAT YOU NEED TO KNOW BEFORE USING SMBSNIF
------------------------------------------
Smbsniff should work on *BSD and Linux and might even work on Solaris.
You will need the libpcap in all cases :
ftp://ftp.ee.lbl.gov/libpcap.tar.Z
or
http://www.tcpdump.org
Smbsniff can work directly on the network but the sniffing part is still wobbly
and you might (most probably will) lose data.
If you want to get the best out of smbsniff use a real sniffer like :
- the stable tcpdump : ftp://ftp.ee.lbl.gov/tcpdump.tar.Z
- the new tcpdump : http://www.tcpdump.org/
- ethereal : http://www.ethereal.com/
Use :
# tcpdump -s 1514 -w <file> port 139
$ smbsniff -f <file>
NOTE : Smbsniff is still under development
and it is FAR from working perfectly.
KNOWN BUGS
----------
Files are not the right size / structure of the file is not correct.
(This is still an alpha version)
File size is bigger/smaller than the original file size.
(Same as above : still an early version and I don't have much time to spend
on it)
If you get a message like :
Read X : offset corrected file <file> will be wrong
Write X : offset corrected file <file> will be wrong
then this means the program is dropping packets or the sniffer you used to
capture the packets has dropped some packets. (It can also mean, and this
is often the case, that the program is not working correctly)
Note : under linux (when using tcpdump or other sniffers), there is no way
to know packets have been dropped.
Note 2 : If your sniffer IS dropping packets you can easily patch the libpcap
to adjust the size of the capture buffer. To do that :
In file pcap-bpf.c change the line
v = 32768;
to something like
v = 524288;
And don't forget to rebuild your pcap library.
That worked great for me.
CONTRIBUTIONS
-------------
If you want to contribute, send bug alerts or give feedback please mail me :
Frederic.Lavecot@hsc.fr.
WEB SITE
--------
Smbsniff's primary download site is :
http://www.hsc.fr/ressources/outils/index.html.en
Thanks to the following people for their suggestions and help
Stephane Aubert <Stephane.Aubert@hsc.fr>
Denis Ducamp <Denis.Ducamp@hsc.fr>
Jerome Bouigas
Sebastien Michaud
Also Hervé Schauer (for letting me work on this),
ee.lbl.gov (for libpcap and tcpdump),
and the free software community in general.
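The README says that under Linux there is no way to know whether the sniffer dropped packets, and that a short snaplen or a small capture buffer corrupts the rebuilt files. As an added example (not part of Smbsniff or of the original post), this Python check reads a capture written by `tcpdump -s 1514 -w <file> port 139` and reports holes in the TCP sequence space and frames cut short by the snaplen. The function names `frame`, `pcap` and `find_gaps` and the sample addresses are constructed for illustration; it assumes a classic little-endian pcap file with Ethernet framing and IPv4.

```python
import struct

def frame(seq, payload, sport=1025, dport=139):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def pcap(frames):
    """Constructed classic little-endian pcap, Ethernet link type, snaplen 1514."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def find_gaps(data, port=139):
    """Return (gaps, truncated): missing TCP byte ranges and short-captured frames."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only classic little-endian pcap is handled here")
    expected, gaps, truncated, pos = {}, [], 0, 24
    while pos + 16 <= len(data):
        incl, orig = struct.unpack_from("<II", data, pos + 8)
        pkt, pos = data[pos + 16:pos + 16 + incl], pos + 16 + incl
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                      # not IPv4/TCP, or too short to parse
        tcp = 14 + (pkt[14] & 0x0F) * 4   # TCP header offset (IP options allowed)
        if len(pkt) < tcp + 20:
            continue
        sport, dport, seq = struct.unpack_from("!HHI", pkt, tcp)
        if port not in (sport, dport):
            continue
        truncated += incl < orig          # snaplen cut this frame (-s too small)
        # Payload length from the IP total length, so it holds even when truncated.
        plen = 14 + struct.unpack_from("!H", pkt, 16)[0] - tcp - (pkt[tcp + 12] >> 4) * 4
        nxt = (seq + plen + bool(pkt[tcp + 13] & 0x03)) & 0xFFFFFFFF  # SYN/FIN use one
        flow = "%d.%d.%d.%d:%d>%d.%d.%d.%d:%d" % (*pkt[26:30], sport, *pkt[30:34], dport)
        if flow in expected:
            missing = (seq - expected[flow]) & 0xFFFFFFFF
            if 0 < missing < 0x80000000:  # forward jump: bytes never captured
                gaps.append((flow, expected[flow], missing))
            if (nxt - expected[flow]) & 0xFFFFFFFF >= 0x80000000:
                continue                  # pure retransmission, keep expectation
        expected[flow] = nxt
    return gaps, truncated

# Constructed sample: three 100-byte segments; the middle one is absent from `lossy`.
segs = [frame(1000 + 100 * i, b"A" * 100) for i in range(3)]
complete, lossy = pcap(segs), pcap([segs[0], segs[2]])
```

Segments that arrive out of order are also reported as gaps, so a non-empty result is a reason to recapture with a larger buffer, not proof of loss.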