Introduction to classic sniffer software
(Reposted from http://seclab.mblogger.cn/tb1d/)
Sniffing is a common way of collecting useful data: sometimes a user's account and password, sometimes commercially confidential data. A sniffer can be thought of as a device that captures network packets; ISS defines a sniffer as a tool that uses a computer's network interface to intercept data packets destined for other computers. Sniffers fall into two categories according to the type of network:
1. Sniffers in a switched environment
2. Sniffers in a shared environment
A sniffer in a switched environment usually relies on ARP spoofing against the switch in order to intercept data. A sniffer in a shared environment only needs to put the local network card into promiscuous mode to listen to every datagram on the network; no spoofing is required.

How a sniffer works: a switched network connects its nodes through a switch, while a shared network connects its nodes through a hub. Take the shared environment first. A shared network is a hub network: once a datagram reaches the hub, the hub forwards it out of every port. In other words, every node connected to the hub is able to receive every datagram. When a sniffer starts, it sets the network card to promiscuous mode; once in promiscuous mode, the card accepts every datagram on the wire, which is exactly what the sniffer needs. The switched environment replaces the hub with a switch, which solves several of the hub's security problems: the switch consults its own ARP cache list to decide which port a datagram is sent to, instead of forwarding it to every port. On one hand this greatly improves network performance; on the other hand it improves security.
In a switched environment, even with the NIC in promiscuous mode, only packets addressed to this machine can be heard, because the switch does not forward datagrams destined for other nodes to the sniffing host. So in a switched environment you must find a way to get the sniffed host's datagrams delivered to the sniffing host. The method that achieves this is called ARP spoofing: by forging ARP packets, the sniffing host tricks the switch into updating its ARP cache list. Once spoofed, datagrams for the sniffed host are forwarded entirely to the sniffing host and the sniffed host no longer receives any packets; so in order to intercept data while traffic keeps flowing normally, the sniffing host must not only sniff but also act as a man in the middle and forward the traffic on. For the specific principles and methods, search Google for ARP spoofing. As for how to analyze the traffic of an entire switched network without ARP spoofing, I offer two methods for reference:
1. Use a switch with a mirroring function at the root node. Such a switch can be configured to forward a copy of every datagram to a specified port, and the sniffer host is connected to that port.
2. If your root-node switch lacks this function, add a hub at the root node: one hub port connects to the switch, and another port connects to the host running the sniffer.
Below are the sniffers that I personally consider classic and worth collecting.
1. libpcap Version: V0.8.3 Update Date: 2004-03-30 Description: libpcap is a must-have for capturing network packets at the kernel level under UNIX or Linux. It offers an API independent of the underlying system and provides a portable framework for low-level network monitoring, usable for network statistics collection, security monitoring, network debugging and other applications. Many network programs under UNIX or Linux require libpcap to run. The counterpart on the Windows platform is WinPcap. Download path: Software / Network / LibPCAP / (including the latest version, the stable version, and development documents)
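The ARP spoofing described in the introduction, and the savefile format that libpcap- and WinPcap-based tools write, are easiest to see in code. The following is an added example, not code from the original page or from any of the tools listed here: it builds a few constructed ARP frames (the addresses, including the hypothetical rogue MAC cc:cc:cc:cc:cc:cc, are assumptions of the example), wraps them in a classic pcap savefile, parses the file back with a hand-written reader, and runs an arpwatch-style check that alerts when an IP address's MAC binding changes, which is exactly the symptom forged ARP replies produce on the affected segment.

```python
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4       # magic as read little-endian from an LE file
PCAP_MAGIC_BE = 0xD4C3B2A1       # the same magic read from a big-endian file
LINKTYPE_ETHERNET = 1
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp_frame(eth_src, eth_dst, opcode, sha, spa, tha, tpa):
    """Ethernet II header followed by a 28-byte IPv4-over-Ethernet ARP body."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
           + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa))
    return eth + arp


def build_pcap(frames):
    """Wrap raw frames in the classic libpcap savefile format (little-endian)."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = [struct.pack("<IIII", 1_000_000 + i, 0, len(f), len(f)) + f
               for i, f in enumerate(frames)]
    return header + b"".join(records)


def parse_pcap(data):
    """Yield (ts_sec, frame) from a libpcap savefile; validates magic and link type."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a libpcap savefile")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24                                   # global header is 24 bytes
    while offset + 16 <= len(data):               # each record header is 16 bytes
        ts_sec, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        yield ts_sec, data[offset:offset + incl_len]
        offset += incl_len


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack_from("!HHBBH", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_str(frame[6:12]), "opcode": opcode,
            "sha": mac_str(frame[22:28]), "spa": ip_str(frame[28:32]),
            "tha": mac_str(frame[32:38]), "tpa": ip_str(frame[38:42])}


def detect_arp_spoofing(packets):
    """arpwatch-style check: learn IP->MAC from ARP sender fields, alert on changes."""
    bindings, alerts = {}, []
    for ts, frame in packets:
        arp = parse_arp(frame)
        if arp is None:
            continue
        # A sender hardware address that disagrees with the Ethernet source MAC
        # is a classic forged-frame artifact, flagged on its own.
        if arp["sha"] != arp["eth_src"]:
            alerts.append(("eth_mismatch", ts, arp["spa"], arp["eth_src"], arp["sha"]))
        known = bindings.get(arp["spa"])
        if known is None:
            bindings[arp["spa"]] = arp["sha"]
        elif known != arp["sha"]:
            alerts.append(("changed", ts, arp["spa"], known, arp["sha"]))
            bindings[arp["spa"]] = arp["sha"]
    return bindings, alerts


def run_demo():
    """Constructed traffic: a gateway reply, a host request, then a forged reply
    from a rogue MAC (assumed address) claiming the gateway's IP."""
    gw, host, rogue = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:10", "cc:cc:cc:cc:cc:cc"
    frames = [
        build_arp_frame(gw, host, ARP_REPLY, gw, "192.168.1.1", host, "192.168.1.10"),
        build_arp_frame(host, "ff:ff:ff:ff:ff:ff", ARP_REQUEST, host, "192.168.1.10",
                        "00:00:00:00:00:00", "192.168.1.1"),
        build_arp_frame(rogue, host, ARP_REPLY, rogue, "192.168.1.1", host, "192.168.1.10"),
    ]
    return detect_arp_spoofing(parse_pcap(build_pcap(frames)))


if __name__ == "__main__":
    for kind, ts, ip, old, new in run_demo()[1]:
        print(f"{kind}: {ip} was {old}, now {new} (t={ts})")
```

Run as a script, it reports one "changed" alert for 192.168.1.1. In practice you would feed the detector frames captured live through libpcap or WinPcap, or a savefile written by any of the tools below, instead of the constructed ones; the reader deliberately handles only the classic pcap format, not pcapng.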
2. WinPcap Version: V3.1 Beta3 Update Date: 2004-05-15 Description: WinPcap is the counterpart of libpcap for the Win32 platform. WinPcap provides three modules: NPF (NetGroup Packet Filter, a kernel-level packet filter), packet.dll (a dynamic link library), and wpcap.dll (a more convenient and direct programming interface). Many network tools (sniffers and so on) are developed with WinPcap, and WinPcap must be installed to run them. I used VBS to call WinPcap to write a console sniffer. ~_* Download path: Software / Network / WinPCAP / (including the latest version, the stable version, and development documentation)
3. Network Associates Sniffer Portable Version: V4.7.5 SP4 Update Date: 2004-05-20 Introduction: NAI's Sniffer is NAI's flagship product (and priced accordingly); it is a suite of network troubleshooting and performance management solutions. Network professionals can use it on multi-topology, multi-protocol networks. Sniffer Portable runs on hardware platforms such as desktops, laptops or notebooks, and custom hardware components ensure full line-rate capture. Sniffer Portable is excellent, and differs from other sniffers in the following respects:
Custom hardware: with its custom hardware, Sniffer Portable can capture, filter and trigger at line speed.
Detailed reports: Sniffer Portable can generate graphical reports based on RMON1/RMON2 and similar data it collects. From bandwidth usage to potential network degradation, Sniffer Report provides detailed data to help you plan future network needs. Available reports for Ethernet and Token Ring include host table, matrix, protocol distribution, global statistics and other reports.
Sniffer Voice option: Sniffer Voice is a value-added package integrated with Sniffer Portable that provides the information needed for converged voice and video traffic, mainly for VoIP networks.
Download path: Software / network / network.associates.sniffer.portable.v4.7.5.sp4 /
4. WildPackets EtherPeek NX Version: V2.1 Update Date: 2004-06-12 Introduction: EtherPeek NX is the first network protocol analyzer to provide real-time expert diagnosis and structured decoding while packets are being captured. EtherPeek NX is designed for IT staff, helping them analyze and diagnose ever-faster network data flows and providing precise, up-to-date analysis of the many faults faced today. This version bundles iNetTools and PacketGrabber with the product: iNetTools provides a number of useful network utilities (Ping, Ping Scan, Trace Route, Name Lookup, Name Scan, DNS Lookup, Port Scan, Service Scan, Finger, Whois and Throughput), and PacketGrabber is a remote packet collection program. Peek also provides an SDK so that users can develop plug-ins themselves; the SDK documents are under 1033 / Documents / Peek SDK / Documents in the installation path. EtherPeek for Windows is a repeatedly award-winning Ethernet traffic and protocol analyzer that established the industry standard for "ease of use". EtherPeek was rated the best product among five network analyzers. Download path: Software / Network / WildPackets.etherpeek.nx.v2.1 /
5. Iris Network Traffic Analyzer Version: V4.0.7 Update Date: 2003-12-29 Introduction: A sniffer produced by the well-known company eEye. Its strengths: easy to use, comprehensive traffic status and reports, advanced data reconstruction, precise packet manipulation and forging, extended filtering, and data analysis capability. Personally I think Iris stands out in data reconstruction, packet forging and data analysis. The data reconstruction feature can fully reassemble HTTP, FTP, SMTP and POP3 sessions; with it you can easily view mail on the network, the web pages users browse, and unencrypted FTP transfers. Iris's packet editor lets users create custom or spoofed packets. Its data analysis capability lies in being able to analyze packet capture files saved by other well-known sniffers. It is worth mentioning that the eEye site provides some predefined filter files, most of them for viruses and worms. Download path: Software / Network / Iris.Network.Traft.Analyzer.v4.07 /
6. TamoSoft CommView Version: V4.1.344 Update Date: 2004-02-19 Introduction: The CommView series is a comparatively strong commercial sniffer product for Windows that supports the NDIS 3.0 driver standard; it is roughly on a par with other sniffers, and in addition, combined with CommView Remote Agent, it can sniff remotely.
TamoSoft CommView for WiFi Version: V4.2.360 Update Date: 2004-04-09 Introduction: CommView for WiFi is a special edition of CommView designed to capture and analyze wireless networks; it supports the 802.11a/b protocols. Download path: Software / Network / Tamosoft.commview /
TamoSoft CommView Remote Agent Version: V1.1.43 Update Date: 2004-03-04 Introduction: CommView Remote Agent is a dedicated optional component designed for remote network monitoring.
Download path: Software / Network / Tamosoft.commview / TAMOFT.COMMVIEW /
7. Ettercap Version: NG 0.7.0 RC1 Update Date: 2004-06-14 Description: Ettercap is a suite of LAN man-in-the-middle attack tools. It is an open source project and supports multiple platforms (Linux, BSD, Windows, Solaris, Mac OS). Its functions include sniffing live connections, content filtering on the fly, and many other interesting tricks. Ettercap supports active and passive dissection of many protocols, including network and host analysis. In addition, Ettercap has a plug-in facility: it ships with many modular plug-ins and also lets third parties write plug-ins. With OpenSSL, SSH1 and HTTPS can be supported. Download path: Software / Network / etccap /
8. Ethereal Version: V0.10.4 Update Date: 2004-05-13 Description: Ethereal is the world's most popular network protocol analyzer, a powerful sniffer with the widest platform support (Windows, Linux, Solaris, Mac OS, BSD, BeOS, Tru64 UNIX, HP-UX, AIX, IRIX, etc.) and an open source project. It can dissect more than 512 protocols and supports both real-time and offline modes. Running under Windows requires the WinPcap library. Download path: Software / Network / EThereal / (including source code and the Windows installation files)
9. Packetyzer Version: V2.0.0 Update Date: 2004-04-22 Introduction: Packetyzer is an excellent sniffer among the many open source ones for the Windows platform, supporting 483 protocols; combined with the Neutrino Sensor it can capture and analyze 802.11 packets. I personally like Packetyzer's packet coloring function. Running it requires WinPcap. Download path: Software / Network / Packettyzer / (including source code and installation file)
10. Cain & Abel Version: v2.5 beta56 Update Date: 2004-06-14 Introduction: Cain & Abel is a powerful password interception and cracking tool for the Windows platform. I classify it as a sniffer mainly because its main functionality is sniffing: it supports interception in both shared and switched environments. Cain and Abel are two separate tools (Cain is the client, Abel the server). The functionality is very powerful; for details please visit http://www.oxid.it/cain.html. New versions add Wi-Fi support. Running it requires WinPcap. Download path: Software / Network / Cain & Abel /
11. tcpdump / WinDump Version: V3.8.3 Update Date: 2004-03-30 Description: tcpdump is a well-known and popular command-line network packet analysis and sniffing tool. It displays the headers of packets that match a given rule; tcpdump is used to find network problems or to monitor what is happening on the network. WinDump is the port of tcpdump to the Windows platform. Download path: Software / Network / Tcpdump / (including tcpdump and WinDump)
12. dsniff Version: V2.4 Beta2 Update Date: 2004-06-14 Description: dsniff is a collection of Unix executable tools designed for network auditing and network penetration. With its ARP spoofing, it should also be the first sniffer able to sniff in a switched environment. The author has tested it under OpenBSD, Red Hat Linux and Solaris. An earlier version (1.8) has been ported to Windows. dsniff was first released by Dug in December 1999. dsniff depends on several third-party packages, including Berkeley DB, OpenSSL, libnet and libnids. Download path: Software / Network / DSNIFF / (including 2.3, 2.4b1, 2.4b2 and the 1.8 Windows version)
13. Sniffit Version: v0.37 beta Update Date: 1998-07-17 Introduction: Sniffit, developed by Lawrence Berkeley Laboratory, is a sniffer that runs on many platforms such as Linux, Solaris, SGI and Windows. It provides many practical functions, supports scripts and plug-ins, and its TOD feature can cut off a TCP connection to a target machine by sending it an RST packet. The Windows version was ported by Symbolic and requires WinPcap. Download path: Software / Network / SniffIt /
14. SNARP Version: v0.9h Update Date: 2001-03-21 Introduction: A sample sniffer for switched networks on the Windows platform. For details, see readme.txt. Download path: Software / Network / Snarp /
15. ARPSniffer Version: V0.5 Update Date: 2002-08-12 Introduction: A switched-network sniffer for the Windows platform. Version 0.5 adds the Remote ANS (Remote ARP Network Sniffer) function, which uses a Sensor/GUI architecture. Running it requires WinPcap. Download path: Software / Network / Arpsniffer /