lgandx / Responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
GNU General Public License v3.0
5.49k stars 777 forks source link

Does responder ignore certain types of traffic? #286

Closed ZerkerEOD closed 2 months ago

ZerkerEOD commented 2 months ago

I tried running responder on my network, using the Analysis mode and verbose, and after a few minutes it wasn't detecting any traffic. I then looked at Wireshark and was seeing mDNS and LLMNR traffic, mainly for stuff like Spotify, Google and Microsoft. Does responder ignore specific types of traffic or is my install bunked? I installed through Black Arch repo on EndeavorOS. I needed to install netifaces through pip as an addition to get the tool running but there were no errors when running.

lgandx commented 2 months ago

You need to provide the network interface you want Responder to listen on with the -I switch.

ZerkerEOD commented 2 months ago

@lgandx, sorry the -I switch was used.