(Page 2 of 14)   < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >

Category: Sniffers

WinArpAttacker
Added 2006-06-25
by unshadow
WinArpAttacker 3.50 Readme Jun. 4th 2006 Author : unshadow Email : asia_message@hotpop.com Website: no, i'm looking for free website, if you have good advice you can tell me. ----------------------------------------------------------------------------- Caution: This program is dangerous, it is released just for research, any possible loss caused by this program is no relation with the author (unshadow), if you don't permit this, you must delete it immediately. If you use this program, I think you permit all of these. ----------------------------------------------------------------------------- WinArpAttacker is based on wpcap, you must install wpcap driver before running it. wpcap: http://winpcap.polito.it/install/bin/WinPcap_3_1.exe If you had installed old version of winpcap, just install WinPcap_3_1.exe overwrite it. ----------------------------------------------------------------------------- Contents 1. Overview 2. System Requirement 3. What's New 4. Getting Started 5. Known Issues 6. Revision History 7. To do ----------------------------------------------------------------------------- 1. Overview ------------------------------------ WinArpAttacker is a program that can scan,attack,detect and protect computers on local area network. The features as following: 1.1 Scan -. It can scan and show the active hosts on the LAN within a very short time (~2-3 seconds). It has two scan mode, one is normal scanning, the other is antisniff scanning. The later is to find who is sniffing on the lan. -. It can save and load computer list file. -. It can scan the Lan regularly for new computer list. -. It can update the computer list in passive mode using sniffing technology, that is, it can update the computer list from the sender's address of arp request packets without scanning the lan. -. It can perform advanced scanning when you open advanced scanning dialg on menu. -. It can scan a B class ip range in advanced scan dialg. -. It can scan acthost listed in event listview. 1.2 Attack -. It can pull and collect all the packets on the LAN. -. It can perform six attacking actions as following: (1) Arp Flood - Send ip conflict packets to target computers as fast as possible, if you send too much, the target computers will down. :-( (2) BanGateway - Tell the gateway a wrong mac address of target computers, so the targets can't receive packet from the internet. This attack is to forbid the targets access the internet. (3) IPConflict - Like Arp Flood, send ip conflict packets to target computers regularly, maybe the users can't work because of regular ip conflict message. what's more, the targets can't access the lan. (4) SniffGateway - Spoof the targets and the gateway, you can use sniffer to collect packets between them. (5) SniffHosts - Spoof among two or above targets, you can use sniffer to collect packets among all of them. (dangerous!!!!) (6) SniffLan - Just like SniffGateway, the difference is that SniffLan sends broadcast arp packets to tell all computers on the lan that this host is just the gateway, So you can sniff all the data between all hosts with the gateway.(dangerous!!!!!!!!!!!!!!) -. While spoofing ARP tables, it can act as another gateway (or ip-forwarder) without other users' recognition on the LAN. -. It can collect and forward packets through WinArpAttacker's ipforward function, you had best check disable system ipforward function because WinArpAttacker can do well. -. All data sniffed by spoofing and forwarded by WinArpAttacker ipforward function will be counted, as you can see on main interface. -. As your wish, the arp table is recovered automatically in a little time (about 5 seconds). Your also can select not to recover. 1.3 Detect -. What is the most important function, it can detect almost all attacking actions metioned as above as well as host status. the event WinArpAttacker can detect is listed as following: SrcMac_Mismath - Host sent an arp packet, its src_mac doesn't match,so the packet will be ignored. DstMac_Mismath - Host recv an arp packet, its dst_mac doesn't match,so the packet will be ignored. Arp_Scan - Host is scanning the lan by arp request for a hosts list. Arp_Antisniff_Scan - Host is scanning the lan for sniffing host,thus the scanner can know who is sniffing. Host_Online - Host is online now. Host_Modify_IP - Host modified its ip to or added a new IP. Host_Modify_MAC - Host modified its mac address. New_Host - New gost was found. Host_Add_IP - Host added a new ip address. Multi_IP_Host - Host has multi-ip addresses. Multi_Mac_Host - Host has multi-mac addresses. Attack_Flood - Host sends a lot of arp packets to another host ,so the target computer maybe slow down. Attack_Spoof - Host sends special arp packets to sniff the data two targets , so the victims' data exposed. Attack_Spoof_Lan - Host lets all host on the lan believe that it's just a gateway, so the intruder can sniff all hosts' data to the real gateway. Attack_Spoof_Ban_Access - Host told host that host has a inexist mac,so the targets can't communicate with each other. Attack_Spoof_Ban_Access_GW - Host told host that the gateway has a inexist mac, so the target can't access the internet through the gateway. Attack_Spoof_Ban_Access_Lan - Host broadcast host's mac as a inexist mac, so the target can't communicate with all hosts on the lan. Attack_IP_Conflict - Host found another host has same ip as its, so the target would be disturbed by ip conflict messages. Local_Arp_Entry_Change - now WinArpAttacker can watch local arp entry, when a host's mac address in local arp table is changed, WinArpAttacker can report. Local_Arp_Entry_Add - When a mac address of a host is added to local arp table, WinArpAttacker can report. -. It can explain each event which WinArpAttacker detected. -. It can save events to file. 1.4 Protect -. Support arp table protect. when WinArpAttacker detects local or remote host's is being arp-spoofing, it will recover local or remote host's arp tables as you wish. 1.5 Proxy Arp -. When hosts on your lan request other hosts' mac address, WinArpAttacker will tell it a certain mac address as you wish. -. It aims to realize accessing the internet without changing your ip on a new lan, but it also can make your lan in a big mass if you assign a wrong mac address. 1.6 Save arp packets -. It can save all sniffed arp packets to file. 1.7 other features. -. Support multi-network adapter and multi-ip address and multi-gateway on a computer, you can select different adapter and ip address to scan different lan. -. Support DHCP and fixed ip address. -. Count all the arp packets for each host, including sent and recieved arp packets. Arp R/S Q/P | | Action(Recive/Send) Arp packets type(ReQuest/RePly) - - - - ArpRQ meaning: The number of arp request packets recieved ArpRP meaning: The number of arp reply packets recieved ArpSQ meaning: The number or arp request packets sent ArpSP meaning: The number or arp reply packets sent 2. System Requirement. ------------------------------------ -. Local : Windows XP/2000/2003(But I hadn't tested it under Windows XP/2003) -. Remote : All computers including network devices -. WinPcap driver 3.1/lastest must be needed. 3. What's New ------------------------------------ + It can scan a large ip range for online hosts by advanced scanning mode. + It can protect local and reomte hosts from arp-spoofing. + It can enable proxy arp, act as a arp proxy. + It can save all sniffed arp packets to file. 4. Getting Started ------------------------------------ -. Firtly, install the latest WinPcap driver. -. second, just run WinArpAttacker.exe -. click scan button and start button -. look at arp information on remote computer with "arp -a" -. to stop attack, click stop button. -. to select adapter or ip address, click options button. -. to modify attacking setup, click options button. 5. Known Issues 1) This program should be run with administrator privilege. If not, the program will work abnormally. 2) The attacking action is dangerous, so you must be caution. 3) If there are many active hosts (more than 50) and the real gateway may be down on LAN. 6. Revision History ------------------------------------ = bug fixed + improvement/modification [Start of Versions History] Version 3.50 ( Jun. 4,2006) + It can detect local arp table's change. + It can protect local and reomte hosts from arp-spoofing. + It can enable proxy arp, act as a arp proxy. + It can save all sniffed arp packets to file. + It allows you send arp packets manunally. Version 3.02 ( Apr. 26,2006) + It can scan a large ip range for online hosts by advanced scanning mode. Version 3.00 ( Oct. 07, 2005) -------------------------------- + It can detect attacking actions. + Add serval scanning mode. + It can update the host list from ip packets. Version 1.50 ( May. 16, 2005) -------------------------------- + It can scan the Lan regularly for new computer list. + It can update the computer list in passive mode using sniffing technology, that is, it can update the computer list from the sender's address of arp request packets without scanning the lan. + Add two options: auto scan and update in passive mode. + It can diplay localhost's ip address , mac address, gateway ip address and current computer list status on status bar. + Add taskbar icon support, if you close the WinArpAttacker's window, it will leave a icon on taskbar, not really close, thus it can update computer list on the background. Version 1.10 ( April. 27, 2005) -------------------------------- + Support DHCP and fixed ip address. = When flood attack started, to click stop can't really stop flood attacking. = IP address is incorrectly sorted when 10.1.0.1 and 192.168.1.1 coexists. = When PacketSendPacket failed, to exit program will encounter an invalid operator. Version 1.00 ( April. 16, 2005) -------------------------------- This program is released. [End of Versions History] 7. To do none now, if you have good advice you can mailto me(asia_message@hotpop.com).

OmniPeek Personal
Added 2006-06-21
by WildPackets, Inc.
OmniPeek Personal is a free version of the commercial protocol analyzer AiroPeek and EtherPeek, with support for both wired and wireless (802.11) traffic. Additional plug-ins may also be downloaded, such as: a Google Maps plugin which plots the location of an IP in Google Maps, a SQLite plug-in which can store packets in SQLite files so they can be searched with SQL queries, and a Remote TCPDump plug-in which can securely (SSH) connect to any Unix or Linux computer (e.g. Check Point's FireWall-1) and stream the packets back into OmniPeek for analysis -- all with out having to install any software on the remote end.

SwitchSniffer
Added 2006-02-14
by Gordon Ahn
1. Overview SwitchSniffer is a program that can scan your switched LAN for up hosts and can reroute and collect all packets without the target users' recognition. It can also detect the ‘arpspoofer’ program running on the network and block user definable sessions like firewall. If you use this program in tandem with any sniffer program, you can capture and see the users’ IDs and passwords on a switched network. That is, SwitchSniffer enables you to monitor all the packets and all the hosts on a switch network. SwitchSniffer has the following features: -. SwitchSniffer can poll and collect all the packets on the switched LAN. -. SwitchSniffer can scan and display the active hosts on the LAN quickly, and automatically. -. While spoofing ARP tables, SwitchSniffer can act as another gateway (or ip-forwarder) without other users' recognition on the LAN.' -. It can collect and forward packets by selecting inbound, outbound, and both to be sent to the Internet. -. An ARP table is recovered automatically in about 30 seconds. But, SwitchSniffer can keep spoofing continuously by updating the target computer’s ARP table more frequently. -. If one or more network interface cards are installed on a computer, you can choose which NIC you would like SwitchSniffer to scan and spoof through. -. SwitchSniffer can display information about the amount of data transferred to and from the internet. -. SwitchSniffer can detect if any computer on the LAN is running an ‘arpspoofer’ program. -. SwitchSniffer can filter: sessions, local hosts, and remote hosts. -. The installation of the ‘winpcap’ driver is not necessary for SwitchSniffer. -. SwitchSniffer can manage the local hosts based on MAC Address. -. SwitchSniffer can act as a plug-and-played router. -. SwitchSniffer can export the data of view into an excel file. -. SwitchSniffer can cure arp-cache poisoning. SwitchSniffer has the following benefits: -. SwitchSniffer can make you use the network without blocking by arp-spoofer such as netcut, winarpspoofer and so on. -. SwitchSniffer can find the hidden hosts on the LAN, which is not found by IP-Scanners. -. SwitchSniffer can find if abnormal hosts are connected to your wireless network. -. SwitchSniffer protects your network from abnormal users. -. SwitchSniffer can check if there are abnormal packets on the LAN. -. SwitchSniffer allows you to capture user IDs, passwords, chat sessions and web sessions etc., on the switched network through the use of a sniffer application. -. SwitchSniffer can block the local hosts based on MAC Address. -. SwitchSniffer can resolve the problem of IP Collision. -. SwitchSniffer can find out the country name by ip address on remote. -. SwitchSniffer enables you to monitor all the packets on a switch network.

SwitchSniffer
Added 2006-01-01
by Gordon Ahn
1. Overview SwitchSniffer is a program that can scan your switched LAN for up hosts and can reroute and collect all packets without the target users' recognition. It can also detect the ‘arpspoofer’ program running on the network and block user definable sessions like firewall. If you use this program in tandem with any sniffer program, you can capture and see the users’ IDs and passwords on a switched network. >>> What's new: -. MAC Based Blocking. -. Converting the ip address into the country name. -. Export the view data into an excel file -. Coloring each row items. Employing the speed bars. Finding out the collision of ip addresses. >>> Features: -. SwitchSniffer can poll and collect all the packets on the switched LAN. -. SwitchSniffer can scan and display the active hosts on the LAN quickly, and automatically. -. While spoofing ARP tables, SwitchSniffer can act as another gateway (or ip-forwarder) without other users' recognition on the LAN.' -. It can collect and forward packets by selecting inbound, outbound, and both to be sent to the Internet. -. An ARP table is recovered automatically in about 30 seconds. But, SwitchSniffer can keep spoofing continuously by updating the target computer’s ARP table more frequently. -. If one or more network interface cards are installed on a computer, you can choose which NIC you would like SwitchSniffer to scan and spoof through. -. SwitchSniffer can display information about the amount of data transferred to and from the internet. -. SwitchSniffer can detect if any computer on the LAN is running an ‘arpspoofer’ program. -. SwitchSniffer can filter: sessions, local hosts, and remote hosts. The installation of the ‘winpcap’ driver is not necessary for SwitchSniffer. -. SwitchSniffer can manage the local hosts based on MAC Address. -. SwitchSniffer can act as a plug-and-played router. -. SwitchSniffer can export the data of view into an excel file. >>> Benefits: -. SwitchSniffer can find hidden hosts on the LAN. -. SwitchSniffer can find if abnormal hosts are connected to your wireless network. -. SwitchSniffer protects your network from abnormal users. -. SwitchSniffer can check if there are abnormal packets on the LAN. -. SwitchSniffer allows you to capture user IDs, passwords, chat sessions and web sessions etc., on the switched network through the use of a sniffer application. -. SwitchSniffer can block the local hosts based on MAC Address. -. SwitchSniffer can resolve the problem of IP Collision. -. SwitchSniffer can find out the contry name by ip address on remote. -. SwitchSniffer enables you to monitor all the packets on a switch network.

netdiscover
Added 2005-12-11
by Jaime Peñalba Estebanez
Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks. Built on top of libnet and libpcap, it can passively detect online hosts, or search for them, by actively sending arp requests, it can also be used to inspect your network arp traffic, and find network addresses using auto scan mode, which will scan for common local networks.

SwitchSniffer
Added 2005-11-30
by Gordon Ahn
1. Overview SwitchSniffer is a program that can scan your switched LAN for up hosts and can reroute and collect all packets without the target users' recognition. It can also detect the ‘arpspoofer’ program running on the network and block user definable sessions like firewall. If you use this program in tandem with any sniffer program, you can capture and see the users’ IDs and passwords on a switched network. 1.1 features: -. It can pull and collect all the packets on the LAN. -. It can scan and show the active hosts on the LAN within a very short time. -. While spoofing ARP tables, it can act as another gateway (or ip-forwarder) without other users' recognition on the LAN. -. It can collect and forward packets by selecting inbound, outbound, and both to be sent to the Internet. -. An ARP table is recovered automatically in a little time (about 30 seconds). But, this program can keep spoofing continuously with a periodic time. -. Although one or more network interface cards are installed on a computer, this program can scan and spoof by selecting one of NICs. -. It can get traffic information about the amount of data transferred to and from the internet including I session information. -. It can detect which computer is running an arpspoofer program on the local network. -. It can scan all hosts automatically on the network. -. It has a feature which filters or blocks sessions, local hosts and remote hosts. -. No more installation of winpcap driver. 1.2 Benefits: -. It can find out the hidden hosts on local area network. -. It can check out if abnormal hosts are connected on the wireless network. -. It protect your network from abnormal users. -. It can check out if there are abnormal packets on the local network. -. It can view users/passwords, chat sessions and web sessions etc., on the switch network by other application. 2. System Requirement 2.1 Local : Windows nt4/2000/xp/2003, 25MB free main memory, Network adapter which supports promiscuous mode. Remote : All computers including network devices must support Ethernet 3. Reference http://www.nextsecurity.net/

SwitchSniffer
Added 2005-11-08
by Gordon Ahn
1. Overview SwitchSniffer is a program that can scan computers alive and can pull, collect all packets and can route them without other users' recognition on the LAN. It can also detect arpspoofer program running on the network and block sessions like firewall. If you run this program and any sniffer program, you can even get and see all user ids/passwords on the switch network. 1.1 Features -. It can pull and collect all the packets on the LAN. -. It can scan and show the active hosts on the LAN within a very short time. -. While spoofing ARP tables, it can act as another gateway (or ip-forwarder) without other users' recognition on the LAN. -. It can collect and forward packets by selecting inbound, outbound, and both to be sent to the Internet. -. An ARP table is recovered automatically in a little time (about 30 seconds). But, this program can keep spoofing continuously with a periodic time. -. Although one or more network interface cards are installed on a computer, this program can scan and spoof by selecting one of NICs. -. It can get traffic information about the amount of data transferred to and from the internet including I session information. -. It can detect which computer is running an arpspoofer program on the local network. -. It can scan all hosts automatically on the network. -. It has a feature which filters or blocks sessions, local hosts and remote hosts. -. No more installation of winpcap driver. 1.2 Benefits: -. It can find out the hidden hosts on local area network. -. It can check out if abnormal hosts are connected on the wireless network. -. It protect your network from abnormal users. -. It can check out if there are abnormal packets on the local network. -. It can view users/passwords, chat sessions and web sessions etc., on the switch network by other application. 2. System Requirement Local : Windows nt4/2000/xp/2003, 25MB free main memory, Standard network adapter, LAN Connection (adapters supporting promiscuous mode) Remote : All computers including network devices

Coarse PortKnocking
Added 2005-11-03
by Andre Luiz Rodrigues Ferreira
This is a simple implementation of Port Knocking techniques. This sniffs network packets with determined keys and executes commands like firewall to open and close ports. In the client mode injects packets with key to server.

WiFiManager
Added 2005-08-17
by AdventNet
Integrated wlan security and Management tool. Identifies the vulnerabilities in the wlan, the intrusion attempts and mitigates wlan attacks. Helps in configuring the Access Points and in firmware upgrade.

ngrep for Windows
Added 2005-08-17
by BOBAH XPEHOB
Just ngrep by Jordan Ritter, compiled with PSSDK. Works from any removable disk without preinstaleed packet capture drivers.

Search Tools
Keyword:
Platform:
Category:
Browse by category
Auditing
Log Analysis, Host, Passwords, Network, File Integrity, PSTN, Forensics, Backdoors, Source Code
Sniffers
Recovery
Passwords
Utilities
Passwords, Filesystem, Network, System, Compiler, Log Management, Usage Monitoring, Email
Authentication
One Time Passwords, User Authentication, Password Management, Web, Server, Certificates, Tokens
Intrusion Detection
Network, Host, Web, Evasion
Access Control
Network, Firewall, user privileges, RPC, Bootup, File System, Applications, Mandatory Access Control, Server, X-Windows, ACLs, Privileges
Replacement
Libraries, Applications
Programming
Libraries
Cryptography
Libraries, Random Numbers, Traffic Encryption, Data Encryption, Cryptoanalysis, Steganography, E-mail
Network Monitoring
Policy Enforcement
Web Access, Email
System Security Management
Accounts, Console, Windows NT, Firewall, Configuration, Filesystem, Linux, Solaris, Monitoring
Network Utilities
Tunneling, Miscellaneous, Monitoring
Rootkits
Secure Deletion
Hardening
Linux, FreeBSD, NT, Solaris
Hostile Code
Detection, Removal, Sandbox


 

Privacy Statement
Copyright 2010, SecurityFocus