Best Sniffers in My Town
Watchdogs. Some actively sniff, some only use their nose passively. Some bark, some bite, and some can do both (but usually not at the same time). And not just watchdogs, other animals can guard the place as well, maybe even better. Each species has been domesticated for particular species detection. And some would-be-predators make for excellent prey.
Wireshark packet sniffer
Wireshark was known as Ethereal until a trademark dispute in Summer 2006. It is an open source network protocol analyser for Unix, Apple and Windows that allows for interactively browsing data from a live network or from a capture file on disk on different levels of packet detail. It includes a rich display filter language, the ability to view reconstructed streams of TCP sessions and supports hundreds of protocols and media types. Which media types are supported, depends on many things like the operating system you are using. An overview of the supported media types can be found in the Wireshark Network Media documentation.
Documentation and additional resources are readily available and a tcpdump-like console version is included, or if you’re on Linux, the tshark package can be installed.
Wireshark will not manipulate things on the network, it will only “measure” things from it. Wireshark doesn’t send packets on the network or do other active things. It isn’t an intrusion detection system. It will not warn you when someone does strange things on your network that he or she isn’t allowed to do. However, if strange things happen that an intrusion detector does not recognise, Wireshark might help you figure out what is really going on for setting up rules for detecting it next time.
Snort intrusion detection
Snort is a network intrusion detection and prevention system for traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploitation attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. The free Basic Analysis and Security Engine (BASE), is a web interface for analysing Snort alerts.
Open source Snort works fine for many individuals, small businesses, and departments. Parent company SourceFire offers a complementary product line with more enterprise-level features and real-time rule updates. They offer a free 5-day-delayed rules feed, and you can also find many great free rules at Bleeding Edge Snort.
Kismet wireless tool
Kismet has an appetite for Wardialing. Wardriving. Warwalking. Warflying. Warsailing. Warskating? It is a console based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing, de-cloaks hidden (non-beaconing) networks, automatically detects network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, logs traffic in Wireshark/tcpdump compatible format, and can even plot detected networks and estimated ranges on downloaded maps.
Nikto 2 webscanner
Nikto is a pluggable web server and CGI scanner written in Perl, using rfp’s LibWhisker to perform fast security or informational checks. It is designed to find many types of web server problems including server and software misconfigurations, default files and programs, insecure files and programs and outdated servers and programs. Easy to use too.
The most basic Nikto scan requires simply a host to target. The host can be an IP address or a hostname, and is specified using the -h (-host) option. This will scan IP address 192.168.0.1 on TCP port 80 (default port):
perl nikto.pl -h 192.168.0.1
It is quick, but not entirely silent. It will test a web server in the shortest time possible, and is fairly obviously present in some log files. So really, this is for testing your own servers. 🙂
- Wireshark afterglow node graph based on binding interfaces with IP address directions (secviz.org)
- Herding Firesheep (zdnet.com)
- imabonehead: Create your own packet sniffer in C | Simplest Codings (simplestcodings.com)
- Decrypting SSL traffic with Wireshark, and ways to prevent it (wirewatcher.wordpress.com)
- LISP @ UPC – LISP dissector for Wireshark (lisp.cba.upc.edu)
- Bringing the Shark to the Bee (hackaday.com)
Posted on February 12, 2011, in Local and commons, Tools, Users and tagged Kismet, Linux, Nikto, Packet analyzer, Snort (software), Transmission Control Protocol, Wireshark. Bookmark the permalink. Leave a comment.