NETLEAKD(8) Network Leak Finder Daemon NETLEAKD(8)

netleakd - Network Leak Finder daemon

netleakd [OPTIONS]

netleakd is a network sniffer that gathers packets sent by netleak(8) in the combined effort to detect network connectivity, or network leaks, between different network segments.

--cfile <file>
Alternate configuration file to use. By default netleakd will use ~/.netleakd, /usr/local/etc/netleakd.conf or /etc/netleakd.conf.
--logfile <file>
Logfile to use. netleakd prints found leaks to stdout, but logging to a file would be wise since timestamps would then also appear. This works independently of the --syslog flag.
--syslog
Enable syslogging. This is turned on by default in the configuration file.
--signature <string>
String to search for inside the datafield of each packet. This must be the same signature that netleak(8) used while sending or nothing will be detected at all!
--interface <iface>
Network interface to listen on. Defaults to eth0.
--notify <e-mail>
When a packet has been positively identified by its signature, netleakd will send a notification e-mail to this address if enabled. This option limits itself to 1 mail every 30 seconds and should therefore only be used in addition to logging, or information would otherwise be lost.
--verbose
Enable verbose mode.
--help
Show help information.

To just start looking for packets that netleak(8) produces by default:

#$ netleakd

If netleak(8) was conducting a sweep on 10.0.0.0/24 with default signature, ICMP as protocol and the spoofing address correctly pointing to the host netleakd is running on, a packet that got through would look like this:

[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166

This tells us that the internal host "10.0.0.3" leaked an ICMP-echo response with signature "IP:" through the gateway "192.0.34.166", which is the leaking gateway's IP address on the Internet. "10.0.0.3" might be the gateway itself on the inside, but remember that most responses will probably come from workstations, and when you actually detect leaks you get a whole bunch at a time, one of which is the gateway.
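Because leaks tend to arrive in bursts through one gateway, it helps to group logged lines by the outside address. The following Python sketch is an added example, not part of netleakd or this man page; the line pattern is inferred from the single sample line above, and the function names and extra sample lines are hypothetical.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Pattern inferred from the one sample line on this page. Any prefix a logfile
# may add (e.g. a timestamp) is undocumented here, so search anywhere in the line.
LEAK_RE = re.compile(
    r"\[!\] Found leak \((?P<sig>[^)]*)\) (?P<inside>\S+) "
    r"\((?P<proto>\w+)(?: (?P<detail>[^)]*))?\) from (?P<gateway>\S+)"
)

def parse_leak(line):
    """Return a dict for one 'Found leak' line, or None if it does not match."""
    m = LEAK_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["inside"] = ip_address(rec["inside"])
        rec["gateway"] = ip_address(rec["gateway"])
    except ValueError:
        return None  # malformed address: skip rather than guess
    return rec

def leaks_by_gateway(lines):
    """Group inside hosts by the outside address they leaked through."""
    groups = defaultdict(set)
    for line in lines:
        rec = parse_leak(line)
        if rec:
            groups[rec["gateway"]].add(rec["inside"])
    return {gw: sorted(hosts) for gw, hosts in groups.items()}

# Constructed sample: the first line is the page's example, the rest are made up.
SAMPLE = [
    "[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166",
    "[!] Found leak (IP:) 10.0.0.1 (icmp 8:0) from 192.0.34.166",
    "[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166",
    "some unrelated line that must be ignored",
]

if __name__ == "__main__":
    for gw, hosts in leaks_by_gateway(SAMPLE).items():
        print(f"{gw}: {len(hosts)} inside host(s): {', '.join(map(str, hosts))}")
```

Each group is one candidate leaking gateway; the inside addresses listed under it are the hosts to trace back to that segment.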

If you find any please let me know

Jonas Hansen <jonas.v.hansen@gmail.com>

~/.netleakd

/etc/netleakd.conf

/usr/local/etc/netleakd.conf

netleak(8)
JANUARY 2005 NETLEAKD(8)
