PHoss

Phenoelit's own security sniffer

[Download |Documentation |Mail ]

Documentation

Disclaimer

The license for all Phenoelit tools can be found here.

Introduction

For all who do not know what the hell a sniffer is:
A sniffer is a software which opens a network interface for all packets and not only for these packets, which are send to this interface. This means, that the sniffer software hears everything. A sniffer can analyse the packets send and received over this segment.
ATTENTION:
Segment means a flat cable. All stations connected to the same bus are on the same segment. You share the bus with other stations if you use 10Base2 or 10BaseT connected to a HUB. A switch prevents the use of a sniffer because it prevents the traffic to pass your interface. Use ARP0c2 to sniff in switched environments.

PHoss is a sniffer. A normal sniffer software is designed to find problems in data communication on the network. PHoss is designed to know some protocols which use (or may use) clear text passwords. Many protocols are designed to use secure authentication. For fallback they define a lowest level of authentication using clear text. Many companies use this lowest fallback definition as standard setting to make the product working in many environments.
This is our point to start from.

How to use

The usage is simple. Really.
Log on your Linux box as root and start PHoss:
./Phoss
If you like to see what's going on use the -v (verbose) option. If you use more then one v it increases the verbosity level. -vvv is maximum.
The other options are:

Technical details

PHoss supports the following protocols in the current version: