Tuesday, March 06, 2007

Yet more Ferret

The ZIP containing our presentation and the tool Ferret is on our website for download.

You need to have wincap to run it on Windows. The tool itself is the command-line version. We also have a "viewer" for the raw data, but that's JavaScript code that I don't know the redistribution rights for. The raw data is pretty good by itself, but the tree view version is a bit better.

Remember that the purpose of the tool is to catch all the things you broadcast about yourself and correlate it. It's not to sniff passwords, exploit bugs, or otherwise catch things that the users aren't willingly broadcasting to the word. The things we catch, such as mDNS, are those things that computers make public in order to make communication easier. For example, iTunes broadcasts it's presence on the network so other people can listen to your music. This means it also broadcasts your name so they know who you are. We capture this "seapage" and show a picture of the many things you are "seaping".

The source code will also compile on Linux or MacOS with only a couple obvious modifications. Just "gcc *.c" the source code and fix __int64, stricmp, and memicmp. Again, you need libpcap for it to work. Add these when things don't work on gcc:
#define __int64 long long
#define stricmp strcasecmp
#define strnicmp strncasecmp
#define memicmp memcmp

6 comments:

jason said...

I had to add

#define _snprintf snprintf

to ferret.h and then run

gcc *.c -lpcap

to compile.

This looks like a really cool tool, can't wait to try it out.

inaequitas said...

Hello. This is indeed a great tool. I've done a quick and 'dirty' port for my Mac that should generally run on Linux too. There's a Makefile and all, everything is on

http://hackd.net/code/ferret-bsd-port/

Cheers and thanks for this great tool!

one.miguel said...

Thanks for the port - I was scratching my head trying to compile it on OS X as well.

El said...

Well, it compiles just fine on OSX! Thanks a lot, I was making some progress, but had problems with the pcap library :-)

El said...

The port works just fine! Thanks.. I was up to the point where the linker complaints about the pcap functions on my Core2Duo Macbook Pro, but the makefile made my day
:-)

snagg said...

here's another patch I wrote to make ferret work under macosx, hope ti would be useful http://www1.autistici.org/snagg/blog/?p=23