VNC Spy monitors network traffic to find keystrokes entered into a VNC viewer. Letters the user types are printed to your screen.
So, for example, if an engineer insists on using VNC to log in from his Windows machine into your network whenever he wants from home, try leaving vncspy running for a while. I like to use the command:
sudo vncspy eth0 | tee keylog
Note that you need to run vncspy as root. You can either su root, or sudo.
This will sniff all keystrokes he enters from home to his VNC server. Assuming he has to enter his user name and password to log-on, you should see his user name in the keylog, followed by his password. It's that simple!
When you get his password, try writing it on a sticky-note, and pasting it on his monitor. I've found showing people their passwords to be very effective at improving their security habits.
vncspy must be run as root. It takes only one optional parameter, the interface to sniff on. If left out, it will use the first interface on your system, typically eth0.
The only major dependency for vncspy is the pcap development library. On Debian or Ubuntu, you may issue a command like:
sudo apt-get install libpcap0.8-dev
If your system does not have libpcap available, you can install it from source from:
Once you have libpcap, compiling vncspy is simple. Just type:
It should create the vncspy program. Let me know if you need help.