Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
GNU General Public License v3.0
5.49k
stars
777
forks
source link
Does responder ignore certain types of traffic? #286
I tried running responder on my network, using the Analysis mode and verbose, and after a few minutes it wasn't detecting any traffic. I then looked at Wireshark and was seeing mDNS and LLMNR traffic, mainly for stuff like Spotify, Google and Microsoft. Does responder ignore specific types of traffic or is my install bunked? I installed through Black Arch repo on EndeavorOS. I needed to install netifaces through pip as an addition to get the tool running but there were no errors when running.
I tried running responder on my network, using the Analysis mode and verbose, and after a few minutes it wasn't detecting any traffic. I then looked at Wireshark and was seeing mDNS and LLMNR traffic, mainly for stuff like Spotify, Google and Microsoft. Does responder ignore specific types of traffic or is my install bunked? I installed through Black Arch repo on EndeavorOS. I needed to install netifaces through pip as an addition to get the tool running but there were no errors when running.