NETLEAKD(8)		  Network Leak Finder Daemon		   NETLEAKD(8)

NAME
       netleakd	- Network Leak Finder daemon

SYNOPSIS
       netleakd	[OPTIONS]

DESCRIPTION
       netleakd is a network sniffer that gathers packets sent by netleak(8)
       in a combined effort to detect network connectivity, or network leaks,
       between different network segments.

OPTIONS
       --cfile <file>
              Alternate configuration file to use. By default netleakd will
              use ~/.netleakd, /usr/local/etc/netleakd.conf or
              /etc/netleakd.conf.

       --logfile <file>
              Logfile to use. netleakd prints found leaks to stdout, but
              logging to a file is wise because timestamps are then recorded
              as well. This works independently of the --syslog flag.

       --syslog
              Enable syslogging. This is turned on by default in the
              configuration file.

       --signature <string>
	      String  to search	for inside the datafield of each packet.  This
	      must be the same signature that netleak(8) used while sending or
	      nothing will be detected at all!

       --interface <iface>
              Network interface to listen on. Defaults to eth0.

       --notify	<e-mail>
              When a packet has been positively identified by its signature,
              netleakd will send a notification e-mail to this address if
              enabled. This option limits itself to 1 mail every 30 seconds
              and should therefore only be used in addition to logging, or
              information would otherwise be lost.

       --verbose
	      Enable verbose mode.

       --help Show help	information.

EXAMPLES
       To just start looking for packets that netleak(8) produces by default:

       #$ netleakd

       If netleak(8) was conducting a sweep on 10.0.0.0/24 with the default
       signature, ICMP as protocol and the spoofing address correctly
       pointing to the host netleakd is running on, a packet that got
       through would look like this:

       [!] Found leak (IP:) 10.0.0.3 (icmp 8:0)	from 192.0.34.166

       This tells us that the internal host "10.0.0.3" leaked an ICMP-echo
       response with signature "IP:" through the gateway "192.0.34.166",
       which is the leaking gateway's IP address on the Internet. "10.0.0.3"
       might be the gateway itself on the inside, but remember that most
       responses will probably be workstations, and when you actually detect
       leaks you get a whole bunch at a time - where one of them is the
       gateway.
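
       Because leaks arrive in bunches, grouping the output by outside
       address shows which gateway each batch came through. The following
       is an added example, not part of netleakd: it assumes every leak line
       follows the layout of the sample above, and the function names and
       all sample lines except the first are made up for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Layout inferred from the one sample line in EXAMPLES (assumption):
# [!] Found leak (<signature>) <inside host> (<proto> <type>:<code>) from <outside addr>
# search() is used so a leading timestamp, as --logfile adds, is tolerated;
# the page does not show that timestamp's format.
LEAK_RE = re.compile(
    r"\[!\] Found leak \((?P<sig>[^)]*)\)\s+(?P<inner>\S+)\s+"
    r"\((?P<proto>\w+)(?:\s+(?P<detail>[^)]*))?\)\s+from\s+(?P<outer>\S+)\s*$"
)

def parse_leak(line):
    """Return the fields of one leak line, or None for any other output."""
    m = LEAK_RE.search(line.strip())
    if m is None:
        return None
    try:
        inner, outer = ipaddress.ip_address(m["inner"]), ipaddress.ip_address(m["outer"])
    except ValueError:
        return None  # address fields are not valid IPs: treat as noise
    return {"signature": m["sig"], "inner": inner, "outer": outer,
            "proto": m["proto"], "detail": m["detail"]}

def leaks_by_gateway(lines, swept_net, signature):
    """Map each outside address to the sorted inside hosts that leaked through it.
    Leak lines whose signature or inside address does not match the sweep
    are returned separately so they can be reviewed by hand."""
    net = ipaddress.ip_network(swept_net)
    grouped, unexpected = defaultdict(set), []
    for line in lines:
        rec = parse_leak(line)
        if rec is None:
            continue
        if rec["signature"] != signature or rec["inner"] not in net:
            unexpected.append(line.strip())
        else:
            grouped[str(rec["outer"])].add(rec["inner"])
    return {gw: [str(h) for h in sorted(hosts)] for gw, hosts in grouped.items()}, unexpected

# First line is the page's sample; the others are constructed for this example.
SAMPLE = """\
[!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166
[!] Found leak (IP:) 10.0.0.1 (icmp 8:0) from 192.0.34.166
2005-01-15 10:00:00 [!] Found leak (IP:) 10.0.0.7 (icmp 8:0) from 192.0.34.166
[!] Found leak (IP:) 172.16.5.9 (icmp 8:0) from 198.51.100.20
a line that is not a leak report
"""

if __name__ == "__main__":
    print(leaks_by_gateway(SAMPLE.splitlines(), "10.0.0.0/24", "IP:"))
```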

BUGS
       If you find any, please let me know.

AUTHOR
       Jonas Hansen <jonas.v.hansen@gmail.com>

FILES
       ~/.netleakd

       /etc/netleakd.conf

       /usr/local/etc/netleakd.conf

SEE ALSO
       netleak(8)

NETLEAKD(8)			 JANUARY 2005			   NETLEAKD(8)
