SOLDIERX.COM Nobody Can Stop Information Insemination

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.

tcpflow understands sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery. However, it currently does not understand IP fragments; flows containing IP fragments will not be recorded properly.

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. At first glance, this might seem like a rather useless thing to do, but it can actually come in handy in some cases. The following example illustrates the main motivation in creating ptunnel:

This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding of open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. I wrote this tool because the existing tools either didn't do what I wanted or ran only on the Windows platforms: mine runs on just about everything.

A GNU/Linux utility for viewing/manipulating the MAC address of network interfaces

hping is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de-facto tools for security auditing and testing of firewalls and networks, and was used to exploit the Idle Scan scanning technique now implemented in the Nmap port scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in a very short time.

a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Old: 2000~ish

Excerpt from the web page:

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

-------------
Very helpful network password traffic capture App.

Will accept live feed from a monitoring interface or process network capture file. While a bit dated, it works great for a quick tool to rip open passwords off the wire. It can also write the passwords to file or out to the screen.

SSLTest is a command line tool used to test SSL based servers to determine the SSL ciphers and protocols they support. These types of tests are commonly performed during penetration tests and compliance reviews (DSD ISM, PCI-DSS) that include a SSL server in scope. It is a Perl program, that works on Linux, Windows and Mac OS X, and is originally based on Cryptonark by Chris Mahns. It uses OpenSSL to make SSL connections, and test for supported ciphers and protocols.

Log4Trail a java based file monitoring/sniffer tool mainly designed for system administrator to checked for files that is being modified eg. someone added new user to /etc/passwd.The application will prompt a pop up balloon from the system tray which notify the current log user. If you set the application to enable mailer and configure the mailer account with corresponding recipients(TO,CC,BCC) it can also sent you an email about the file changes [from checksum] and [to new checksum] using the SHA1 file checking algorithm.