Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

NETLEAKD(8)		  Network Leak Finder Daemon		   NETLEAKD(8)

NAME
       netleakd - Network Leak Finder daemon

SYNOPSIS
       netleakd [OPTIONS]

DESCRIPTION
       netleakd is a network sniffer that gather packets sent by netleak(8) in
       the combined effort to detect network connectivity, or network leaks  ,
       between different network segments.

OPTIONS
       --cfile <file>
	      Alternate	 configuration	file  to use. By default netleakd will
	      use      ~/.netleakd	 /usr/local/etc/netleakd.conf	    or
	      /etc/netleakd.conf.

       --logfile <file>
	      Logfile  to  use.	  netleakd  prints found leaks onto stdout but
	      logging to a file would be  wise	since  timestamps  also	 would
	      appear. This works independantly from the --syslog flag.

       --syslog
	      Enable  syslogging. This is turned on by default in the configu‐
	      ration file.

       --signature <string>
	      String to search for inside the datafield of each packet.	  This
	      must be the same signature that netleak(8) used while sending or
	      nothing will be detected at all!

       --interface <iface>
	      Network interface to listen on. Defaults to eth0

       --notify <e-mail>
	      When a packet have positively been identified by its  signature,
	      netleakd	will  send  a  notification  e-mail to this address if
	      enabled. This option will limit itself to 1 mail every  30  sec‐
	      onds and should therefore only be used in addition to logging or
	      information would otherwise be lost.

       --verbose
	      Enable verbose mode.

       --help Show help information.

EXAMPLES
       To just start looking for packets that netleak(8) produces by default:

       #$ netleakd

       If netleak(8) was conducting a sweep on 10.0.0.0/24 with default signa‐
       ture,  ICMP  as protocol and the spoofing address correctly pointing to
       the host netleakd is running on, a packet that got through  would  look
       like this:

       [!] Found leak (IP:) 10.0.0.3 (icmp 8:0) from 192.0.34.166

       This  tells  us	that  the internal host "10.0.0.3" leaked an ICMP-echo
       response with signature "IP:" through the gateway "192.0.34.166", which
       is the leaking gateways ip-address on the Internet. "10.0.0.3" might be
       the gateway itself on the inside but remember that most responses  will
       probably	 be  workstations and when you actually detect leaks you get a
       whole bunch at a time - where one of them is the gateway.

BUGS
       If you find any please let me know

AUTHOR
       Jonas Hansen <jonas.v.hansen@gmail.com>

FILES
       ~/.netleakd

       /etc/netleakd.conf

       /usr/local/etc/netleakd.conf

SEE ALSO
       netleak (8)

NETLEAKD(8)			 JANUARY 2005			   NETLEAKD(8)

Vote for polarhome