You want to determine if insecure protocols are being used on the network.

Use dsniff .

To monitor the network for insecure protocols:

# dsniff -m [-i interface] [-s snap-length] [filter-expression]

To save results in a database, instead of printing them:

# dsniff -w gotcha.db [other options...]

To read and print the results from the database:

$ dsniff -r gotcha.db

To capture mail messages from SMTP or POP traffic:

# mailsnarf [-i interface] [-v] [regular-expression [filter-expression]]

To capture file contents from NFS traffic:

# filesnarf [-i interface] [-v] [regular-expression [filter-expression]]

To capture URLs from HTTP traffic:

# urlsnarf  [-i interface] [-v] [regular-expression [filter-expression]]

ngrep is also useful for detecting insecure network protocols. [Recipe 9.18]

dsniff is not supplied with Red Hat or SuSE, but installation is straightforward. A few extra steps are required for two prerequisite libraries, libnet and libnids, not distributed by Red Hat. SuSE provides these libraries, so you can skip ahead to the installation of dsniff itself on such systems.

If you need the libraries, first download libnet , a toolkit for network packet manipulation, from http://www.packetfactory.net/projects/libnet, and unpack it:

$ tar xvzpf libnet-1.0.*.tar.gz

Then compile it:^[10]

$ cd Libnet-1.0.*
$ ./configure --prefix=/usr/local
$ make

and install it as root:

# make install

We explicitly configure to install in /usr/local ...