Honeypots mailing list archives
Re: Forgate 0.9 Released!
From: "????????? ????????? ????????????" <mvv () kazna ru>
Date: Mon, 26 Jan 2004 10:01:45 +0500
Hello,

----- Original Message -----
From: "Darren Bounds"

> I thought I'd let you know that I just posted the initial release of a little tool I've spent the last week working on. It's called Forgate and it's available at: http://forgate.sourceforge.net.
>
> Forgate (Forge Gate) allows you to capture traffic from a 3rd party in a switched environment at the expense of a slight increase in latency to that 3rd party host. Using ARP cache poisoning, packet capture and packet reconstruction, Forgate works with nearly all TCP, ICMP and UDP IPv4 traffic flows. Essentially it redirects the traffic flow, analyses and displays the packet information, then reconstructs it and sends it back on its way.

Great work! Two years ago I met the same problem (to sniff traffic in a switched environment) and wrote a simple utility - grabcon (http://www.free-unices.org/~cybervlad/grabcon.c), which uses the same technique (ARP poisoning) to redirect traffic at the 2nd layer. But it simply relays packets and doesn't capture traffic - instead I run tcpdump (or another sniffer) in the other console.

> Regards,
> Darren Bounds, CISSP
> Intrusense LLC.
> http://www.intrusense.com

--
regards,
Vladislav V. Myasnyankin
Chief Information Security Officer
Bank "Severnaya Kazna". www.kazna.ru / www.internetbank.ru
mvv at kazna.ru
phone (343-2) 59-27-32, 059
Personal homepage --> http://www.free-unices.org/~cybervlad
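The ARP cache poisoning both messages describe leaves a recognizable trace on the segment: an IP address's MAC binding changes, and one MAC ends up claiming several IPs. The following is an added example, not part of the original messages and not code from Forgate or grabcon; it is a small passive detector, with the class and function names, the addresses and the `build_arp_reply` sample-frame helper all constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_arp(frame: bytes):
    """Return (eth_src, op, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = frame[22:28], frame[28:32]
    return frame[6:12].hex(":"), op, sha.hex(":"), ".".join(map(str, spa))

class ArpWatch:
    """Tracks IP-to-MAC bindings seen in ARP traffic and reports suspicious changes."""
    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)

    def observe(self, frame: bytes):
        """Feed one captured frame; return a list of alert strings (empty if clean)."""
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, _op, mac, ip = parsed
        alerts = []
        if eth_src != mac:                       # Ethernet header disagrees with ARP payload
            alerts.append(f"eth-src {eth_src} != ARP sender {mac}")
        if ip == "0.0.0.0":                      # ARP probe carries no binding to track
            return alerts
        old = self.ip_to_mac.get(ip)
        if old is not None and old != mac:       # binding for a known IP changed
            alerts.append(f"{ip} moved {old} -> {mac}")
        self.ip_to_mac[ip] = mac
        self.mac_to_ips[mac].add(ip)
        if len(self.mac_to_ips[mac]) > 1:        # one MAC answering for several IPs
            alerts.append(f"{mac} claims {sorted(self.mac_to_ips[mac])}")
        return alerts

def build_arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Constructed sample input: bytes of an ARP reply (op 2). Nothing is sent."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(map(int, s.split(".")))
    return (m(dst_mac) + m(src_mac) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + m(src_mac) + i(src_ip) + m(dst_mac) + i(dst_ip))
```

Routers, proxy ARP and failover pairs also answer for several IPs or move a binding legitimately, so a real deployment needs an allowlist for those MACs.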
