From Collaborative RCE Tool Library
Network Sniffers
| Tool name: | Wireshark |
| ||
|---|---|---|---|---|
| Author: | Gerald Combs | |||
| Website: | http://www.wireshark.org | |||
| Current version: | 0.99.8 | |||
| Last updated: | February 27, 2008 | |||
| Direct D/L link: | http://wireshark.osmirror.nl/download/win32/wireshark-setup-0.99.7.exe | |||
| License type: | Free / Open Source | |||
| Description: | Wireshark (previously Ethereal) is the world's foremost network protocol analyzer, and is the standard in many industries. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it is still under active development. Wireshark has a rich feature set which includes the following: * Hundreds of protocols are supported, with more being added all the time * Live capture and offline analysis are supported * Standard three-pane packet browser * Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others * Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility * The most powerful display filters in the industry * Rich VoIP analysis * Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others * Capture files compressed with gzip can be decompressed on the fly * Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom) * Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2 * Coloring rules can be applied to the packet list, which eases analysis * Output can be exported to XML, PostScript®, CSV, or plain text | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Malcode Analysis Pack |
| ||
|---|---|---|---|---|
| Author: | David Zimmer (iDefense Labs) | |||
| Website: | http://labs.idefense.com/files/labs/releases/previews/map/ | |||
| Current version: | ||||
| Last updated: | November 13, 2006 | |||
| Direct D/L link: | http://labs.idefense.com/software/download/?downloadID=8 | |||
| License type: | GPL2 | |||
| Description: | The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis. Included in this package are: • ShellExt - 4 explorer shell extensions • socketTool - manual TCP Client for probing functionality. • MailPot - mail server capture pot • fakeDNS - spoofs dns responses to controlled ip's • sniff_hit - HTTP, IRC, and DNS sniffer • sclog - Shellcode research and analysis application • IDCDumpFix - aids in quick RE of packed applications • Shellcode2Exe - embeds multiple shellcode formats in exe husk • GdiProcs - detect hidden processes | |||
| Also listed in: | Malware Analysis Tools, Network Tools, Process Monitoring Tools, TCP Proxy Tools, Import Editors, Reverse Engineering Frameworks, API Monitoring Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | tcpdump |
| ||
|---|---|---|---|---|
| Author: | The Tcpdump team | |||
| Website: | http://www.tcpdump.org/ | |||
| Current version: | 3.9.8 | |||
| Last updated: | September 25, 2007 | |||
| Direct D/L link: | http://www.tcpdump.org/release/tcpdump-3.9.8.tar.gz | |||
| License type: | BSD | |||
| Description: | From wikipedia's entry for tcpdump: tcpdump is a common computer network debugging tool that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. It was originally written by Van Jacobson, Craig Leres and Steven McCanne who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group. Distributed under a permissive free software licence, tcpdump is free software. Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. In those systems, tcpdump uses the libpcap library to capture packets. There is also a port of tcpdump for Windows called WinDump; this uses WinPcap, which is a port of libpcap to Windows. In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required. The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
Feed containing all updates and additions for this category.
Feed containing all updates and additions for this category, including sub-categories.
