Category:Traffic Interception and Analysis
From SecurityForest
Sniffers
- Wireshark
: Sniffing the glue that holds the Internet together
- Wireshark is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. A text-based version called tshark is included.
- http://www.wireshark.org/
- Tcpdump
- Tcpdump is a well-known and well-loved text-based network packet analyzer ("sniffer"). It can be used to print out the headers of packets on a network interface that match a given expression. You can use this tool to track down network problems or to monitor network activity. There is a separate Windows port named WinDump. TCPDump is also the source of the Libpcap/WinPcap (http://winpcap.polito.it) packet capture library, which is used by nmap among many other utilities.
- http://www.tcpdump.org
- http://windump.polito.it
- ngrep
: Convenient packet matching & display
- ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
- http://www.packetfactory.net/projects/ngrep/
- http://ngrep.sourceforge.net
- ngsniff
- http://www.ngsec.com
- Intelica IP Inspect
- http://www.intelicanetworks.com
- network monitor
- iris
- http://www.eeye.com
- Port reporter parser
- Microsoft Link 1 (http://www.microsoft.com/downloads/details.aspx?familyid=69ba779b-bae9-4243-b9d6-63e62b4bcd2e&displaylang=en), Microsoft Link 2 (http://support.microsoft.com/?id=837243#9)
Passive Mappers
- p0f
: Passive OS Fingerprinting Tool
- p0f is a versatile passive OS fingerprinting tool.
- The passive OS fingerprinting technique is based on analyzing the information sent by a remote host while performing usual communication tasks - such as whenever a remote party visits your webpage, connects to your MTA - or whenever you connect to a remote system while browsing the web or performing other routine tasks. In contrast to active fingerprinting (with tools such as NMAP or Queso), the process of passive fingerprinting does not generate any additional or unusual traffic, and thus cannot be detected.
- http://lcamtuf.coredump.cx/p0f.shtml
- ntop
: Network Traffic Monitor
- Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.
- http://www.ntop.org
Designated Sniffers: Password Sniffing
- Ace Password Sniffer
: Capture passwords through http, ftp, smtp, pop3, telnet.
- Ace Password Sniffer can listen on your LAN and enables network administrators or parents to capture passwords of any network user. Currently Ace Password Sniffer can monitor and capture passwords sent over FTP, POP3, HTTP, SMTP, Telnet, etc.
- http://www.effetech.com/aps/
- Etherscan Password Sniffer
: Another Password Sniffer :)
- Etherscan Password Sniffer is a network sniffer program designed to capture and reveal passwords from many well-known protocols such as ftp, http, icq, irc, pop3 and many others. Etherscan Password Sniffer is very easy to operate and works on Windows 95/98/Me/2000/XP.
- http://www.etherscan.com/Products/Password/
- Win Sniffer
: Another Password Sniffer :)
- The most efficient and reliable password sniffer! Win Sniffer is a study in simplicity. Win Sniffer allows network administrators to capture passwords of any network user. Win Sniffer monitors incoming and outgoing network traffic and decodes FTP, POP3, HTTP, ICQ, SMTP, Telnet, IMAP, and NNTP usernames and passwords.
- Unlike other network sniffers, Win Sniffer has advanced, integrated technology that allows it to reconstruct network traffic in a format that is simple to use and understand. While most other network sniffers merely display a list of packets traveling across a network, Win Sniffer reconstructs each of those packets individually, thus capturing a clear and concise image of the integrity of an organization's entire network.
- http://www.winsniffer.com
- ASPSimply Password Sniffer
: It's an open question how much you can trust a network or the internet.
- This little (dirty) project shows how easy it is to sniff network clients' usernames and passwords from SMTP, POP3, NNTP, FTP and IMAP4 accounts. The scenario could be a workgroup, intranet, internet cafe or shared internet connection ... without a secured connection (i.e. SSL, HTTPS). The network administrator can actually intercept whatever a user sends and receives.
- http://www.aspsimply.com/cs/PasSniff.aspx
Designated Sniffers: IM Sniffing
- ICQ Sniffer
: Monitor ICQ conversations on network!
- ICQ Sniffer is a handy network utility to capture and log ICQ chat from computers within the same LAN. It supports messaging through the ICQ server in plain text, RTF, or HTML format. All intercepted messages are organized by ICQ user with buddies and shown instantly in the main window. It provides a rich-featured report system to export captured ICQ conversations as HTML files for later analysis and reference.
- http://www.icq-sniffer.com
- ICQ Snif
: ICQ Sniffer, ARP-Spoofing Supported, GUI and CLI!
- This software is designed to intercept ICQ, IRC and email messages across a LAN. It is possible to observe these messages at the same time the real users receive them. All intercepted messages are stored in files, which can later be processed and analyzed. There are two versions for your convenience: IcqSnif with a GUI, and the console-only IcqDump. The functionality is the same, except that in the GUI version it is possible to select exactly which machines to arp-spoof.
- http://www.ufasoft.com/icqsnif/
- MSN Sniffer
: Monitor MSN messenger conversation on network!
- MSN Sniffer is a handy network utility to capture MSN chat on a network. It records MSN conversations automatically. All intercepted messages can be saved as HTML files for later processing and analysis.
- http://www.effetech.com/msn-sniffer/
- EtherBoss MSN Messenger Conversation Monitor
: Capture MSN Messenger Conversations on your LAN
- EtherBoss MSN Messenger Conversation Monitor is a handy network utility to capture and log MSN Messenger chat on a network. All intercepted messages are saved to disk automatically. It also provides a rich-featured report and search system to locate and export captured MSN conversations as HTML files for later analysis and reference.
- http://www.etherboss.com/msn-monitor/
- MSN Chat Monitor
: Monitor MSN Chat and save into HTML file on local network!
- MSN Chat Monitor is a network visibility tool that captures MSN chat conversations on your local network. It consists of a well-integrated set of functions that can be used to record MSN conversations automatically. You can retrieve all intercepted messages and export them to HTML files, then analyze and process the saved files at any time. It is simple to use and understand.
- http://www.ajivasoft.com
- Msndump - MSN Messenger Sniffer
- The Perl script presented here parses MSN Messenger message packets or P2P traffic and displays their contents. The script uses PCap to capture and parse the packets. The tool can be modified to parse other headers like TypingUser:
- http://miscname.com
- AIM Sniff
: Monitor MSN Chat and save into HTML file on local network!
- AIM Sniff is a utility for monitoring and archiving AOL Instant Messenger messages across a network. You can either do a live dump (actively sniff the network) or read a PCAP file and parse it for IM messages. You also have the option of dumping the information to a MySQL database, a flat file, STDOUT, or any combination of the three. AIM Sniff allows administrators to see how often users are chatting in order to monitor for abuse, and you can also use AIM Sniff to monitor for cases of harassment or pirated software trading. It has been tested on FreeBSD, Linux, and OS X.
- http://www.aimsniff.com
- AIM Sniffer
: Monitor AIM conversations on network!
- AIM Sniffer is a handy network utility to capture and log AIM (AOL Instant Messenger) chat from computers within the same LAN. It supports not only messaging through the AIM server but also direct-connection messaging. All intercepted messages are organized by AIM user with buddies and shown instantly in the main window. It provides a rich-featured report system to export captured AIM conversations as HTML files for later analysis and reference.
- http://www.effetech.com/aim-sniffer/
Designated Sniffers: HTTP Sniffing
- HttpDetect - EffeTech HTTP Sniffer
: Who has surfed where online, and when
- EffeTech HTTP Sniffer is an HTTP packet sniffer, protocol analyzer and file reassembly tool for the Windows platform. Unlike most other sniffers, it is dedicated to capturing IP packets that carry the HTTP protocol, rebuilding the HTTP sessions, and reassembling files sent over HTTP. Its smart real-time analyzer enables on-the-fly content viewing while it captures, analyzes, parses and decodes the HTTP protocol.
- http://www.effetech.com/sniffer/
- Advanced HTTP Packet Sniffer
: The name says it all...
- Advanced HTTP Packet Sniffer (AHPS) is an advanced software network analyzer specifically designed for Web development. It can capture and decode the HTTP protocol packets that a Web browser uses to communicate with a Web server. It prepares an in-depth analysis of HTTP protocol traffic, automatically identifying it and displaying it in an easy-to-understand format. What you can do with Advanced HTTP Packet Sniffer:
1. Capture files downloaded from a web server passing through your Ethernet card or dial-up adapter.
2. View HTTP protocol statistics: method, content type, status code, etc.
3. Browse captured and decoded packets.
4. Monitor bandwidth utilization.
5. Rebuild downloaded files.
6. Log all packets to files.
7. Load and view capture files offline.
- http://www.link-rank.com
Designated Sniffers: E-Mail Sniffing
- Any@Mail
: Same as Outlook Express, but for the whole network
- Any@Mail captures email-related packets on the LAN and decodes them into emails exactly like the originals. Any@Mail can also resolve the names of the computers where emails are received or sent. Captured emails can be sorted by computer name as well as by IP address. Captured emails can be backed up and restored. It shows the total number of unread mails and of all mails in each folder. Any@Mail supports previewing email titles; two lines of the email content can also be previewed. Find mail by sender, receiver, subject, preview content, date range or folder. Specify the computers that need not be monitored. Save a message as a .eml (Outlook Express format) file. Save attachments to disk. Any@Mail provides an Outlook Express-like interface. All functions of Any@Mail are easy to use. Any@Mail supports password protection.
- http://www.anyatmail.com
Designated Sniffers: VOIP Sniffing
- VoIPong
: VoIP sniffer and call detector
- VoIPong is a utility which detects all Voice over IP calls on a pipeline and, for those which are G711 encoded, dumps the actual conversation to separate wave files. It supports SIP, H323, Cisco's Skinny Client Protocol, RTP and RTCP. It was written in the C language for performance reasons and has been proven to run on Solaris, Linux and FreeBSD, though it is thought to compile and run on other platforms as well. On 45 Mbit/sec of actual network traffic, it was verified that VoIPong successfully detected all VoIP gateways and VoIP calls. CPU utilization during the run was found to range between 66% and 80% on a Toshiba notebook with 256MB RAM and a Celeron 1700 MHz.
- http://www.enderunix.org/voipong/
- VoIP IP Intelligence
: VoIP Monitoring and Analysis
- Intelica VoIP Intelligence provides the most complete VoIP (voice over IP) network monitoring and troubleshooting solution in the industry. Features include call recording and replay, QoS measurements, advanced reporting and protocol analysis. Its powerful multi-time-scale (down to seconds) analysis and reporting allows users to go back in time, quickly zoom into problem areas and perform detailed call- and packet-level analysis.
- http://www.intelicanetworks.com/voipintelligence.shtml
