SSHOW(8) System Manager's Manual SSHOW(8)NAME
sshow - SSH traffic analysis tool
SYNOPSIS
sshow [-d] [-i interface | -p pcapfile] [expression]
DESCRIPTION
sshow analyzes encrypted SSH-1 and SSH-2 traffic, identifying authentication attempts, the lengths of passwords entered in interactive ses-
sions, and command line lengths.
The following advisory describes the attacks implemented by sshow in detail:
http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt
OPTIONS -d Enable verbose debugging output.
-i interface
Specify the interface to listen on.
-p pcapfile
Process packets from the specified PCAP capture file instead of the network.
expression
Specify a tcpdump(8) filter expression to select traffic to sniff.
SEE ALSO dsniff(8), sshmitm(8)AUTHORS
Solar Designer <solar@openwall.com>
Dug Song <dugsong@monkey.org>
SSHOW(8)
Check Out this Related Man Page
ARPSPOOF(8) System Manager's Manual ARPSPOOF(8)NAME
arpspoof - intercept packets on a switched LAN
SYNOPSIS
arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host
DESCRIPTION
arpspoof redirects packets from a target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies. This
is an extremely effective way of sniffing traffic on a switch.
Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter(8)) must be turned on ahead of time.
OPTIONS -i interface
Specify the interface to use.
-c own|host|both
Specify which hardware address t use when restoring the arp configuration; while cleaning up, packets can be send with the own
address as well as with the address of the host. Sending packets with a fake hw address can disrupt connectivity with certain
switch/ap/bridge configurations, however it works more reliably than using the own address, which is the default way arpspoof cleans
up afterwards.
-t target
Specify a particular host to ARP poison (if not specified, all hosts on the LAN). Repeat to specify multiple hosts.
-r Poison both hosts (host and target) to capture traffic in both directions. (only valid in conjuntion with -t)
host Specify the host you wish to intercept packets for (usually the local gateway).
SEE ALSO dsniff(8), fragrouter(8)AUTHOR
Dug Song <dugsong@monkey.org>
ARPSPOOF(8)
I am trying to print the lines with pattern and my pattern is set to a variable express
awk '/$express/{where=NR;print}' test2.log
I am not getting any data even though i have the data with the pattern. Can seomeone correct me with the awk command above? (20 Replies)
HI I have made a connection with external server which is also UNIX. I was tryign connectivity with this by telnet which fails and ping i sshowing socket is alive and traceroute tells the asterisk astersik:traceroute to 153.88.182.28 (153.88.182.28), 30 hops max, 8080 byte packets
1 * * *
2 *... (1 Reply)
I need to find all files and folders containing keyword from the topmost directory deep down the tree but omitting all references to keyword in web-search logs and entries, i.e. excluding search and browsing history made using web-browser1, web-browser2, web-browser3, (bypassing all entries of the... (8 Replies)