Honeypots mailing list archives

RE: Forgate 0.9 Released!


From: "Kuntzelman Brad MSgt AFIT/ENG" <Brad.Kuntzelman () afit edu>
Date: Mon, 26 Jan 2004 13:52:03 -0500

And there's always ettercap: http://ettercap.sourceforge.net

-----Original Message-----
From: ????????? ????????? ???????????? [mailto:mvv () kazna ru] 
Sent: Monday, January 26, 2004 12:02 AM
To: honeypots () securityfocus com
Subject: Re: Forgate 0.9 Released!


Hello,

----- Original Message ----- 
From: "Darren Bounds"

I thought I'd let you know that I just posted the initial release of a
little tool I've spent the last week working on. It's called Forgate
and it's available at: http://forgate.sourceforge.net.

Forgate (Forge Gate) allows you to capture traffic from a 3rd party in
a switched environment at the expense of a slight increase in latency
to that 3rd party host. Using ARP cache poisoning, packet capture and
packet reconstruction, Forgate works with nearly all TCP, ICMP and UDP
IPv4 traffic flows.  Essentially it redirects the traffic flow,
analyses and displays the packet information, then reconstructs it and
sends it back on its way.

Great work!
Two years ago I met the same problem (sniffing traffic in a switched
environment) and wrote a simple utility - grabcon
(http://www.free-unices.org/~cybervlad/grabcon.c), which uses the same
technique (ARP poisoning) to redirect traffic at the 2nd layer. But it
simply relays packets and doesn't capture traffic - instead I run tcpdump
(or another sniffer) in the other console.


Regards,

Darren Bounds, CISSP
Intrusense LLC.
http://www.intrusense.com

--
regards,
Vladislav V. Myasnyankin
Chief Information Security Officer
Bank "Severnaya Kazna".
www.kazna.ru / www.internetbank.ru
mvv at kazna.ru
phone (343-2) 59-27-32, 059
Personal homepage --> http://www.free-unices.org/~cybervlad
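
The ARP cache poisoning discussed in this thread, seen from the monitoring side, as an added example that is not part of the original messages and is not code from Forgate, grabcon or ettercap. It parses raw Ethernet/ARP frames and reports an IP address whose MAC binding changes or whose Ethernet source disagrees with the ARP sender field; the names `parse_arp`, `ArpWatch`, `sample_frame` and `scan` are hypothetical, and the sample frames are constructed with documentation addresses.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Return the sender fields of an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": _mac(frame[6:12]), "sha": _mac(frame[22:28]), "spa": _ip(frame[28:32])}

class ArpWatch:
    """Remembers the first MAC seen for each IP and reports later conflicts."""
    def __init__(self):
        self.ip_to_mac = {}
    def observe(self, frame):
        arp, alerts = parse_arp(frame), []
        if arp is None:
            return alerts
        if arp["eth_src"] != arp["sha"]:  # Ethernet source disagrees with ARP sender
            alerts.append(("src-mismatch", arp["spa"], arp["eth_src"], arp["sha"]))
        if arp["spa"] == "0.0.0.0":       # ARP probe: announces no binding
            return alerts
        known = self.ip_to_mac.setdefault(arp["spa"], arp["sha"])
        if known != arp["sha"]:           # same IP now claimed by another MAC
            alerts.append(("binding-changed", arp["spa"], known, arp["sha"]))
        return alerts

def sample_frame(eth_src, op, sha, spa, tha, tpa):
    """Build one constructed ARP frame as bytes (test input only)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(map(int, s.split(".")))
    return (b"\xff" * 6 + m(eth_src) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + m(sha) + i(spa) + m(tha) + i(tpa))

# Constructed traffic: documentation IPs (192.0.2.0/24) and made-up MACs.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:66"
SAMPLE = [
    sample_frame(GW, 2, GW, "192.0.2.1", HOST, "192.0.2.10"),        # gateway reply
    sample_frame(HOST, 2, HOST, "192.0.2.10", GW, "192.0.2.1"),      # host reply
    sample_frame(OTHER, 2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),  # conflicting claim
]

def scan(frames):
    watch = ArpWatch()
    return [a for f in frames for a in watch.observe(f)]
```

The watcher trusts the first binding it sees, so it has to start from a known-good state, and a legitimate address reassignment or hardware swap raises the same alert and needs to be checked against inventory.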