Network Defense

IDS/IPS/etc

Geo Spider

GEO Spider monitors all your network activity and shows full information about each connection. All connections are passed through the GEO Spider Spy engine, so you can trace all your connections (where you have been in the world and where you are located now).

GEO Spider expands your Windows tools to provide magic versatility. It will make a great addition to your network toolkit.

Traffic IQ Pro

Unrivalled functionality and simplicity combine to provide a highly configurable solution for assessing, auditing and enhancing the recognition and response capabilities of network based intrusion detection and prevention systems.

*Works only on Windows

Nsauditor

NsAuditor is a network security and vulnerability scanner that allows auditing and monitoring network computers for possible vulnerabilities, checking the network for all potential methods that a hacker might use to attack it, and creating a report of potential problems that were found. Nsauditor is a complete networking software package that includes more than 45 network tools and utilities for network auditing, scanning, network connection monitoring and more.

Httprint

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database.

Network Miner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file. NetworkMiner can also extract transmitted files from network traffic.

Vision

Reports all open TCP and UDP ports and maps them to the owning process or application.

Vision, a host-based forensic utility, is the GUI successor to the well-known freeware tool Fport. This product from Foundstone shows all of the open TCP and UDP ports on a machine, displays the service that is active on each port, and maps the ports to their respective applications. Vision gives users access to a large amount of supplementary information that is useful for determining host status by displaying detailed system information, running applications, and the processes and ports in use.

Key Features
Interrogate ports and identify potential "Trojan" services by using the "Port Probe" command in the port mapper. Using "Port Probe", Vision will enable you to send a customized string of information to the port. Based on the response from the port, a determination can be made to either kill the port, using the "Kill" command, or leave it as is.

View system events by sorting by application, process, service, port, remote IP, and device drivers in ascending or descending order.

Identify and review detailed information about Services and Devices to determine if they are Running or Stopped.

FAQ
Q. Will Vision work on Windows 9x, Me, or XP?
A. Vision will not work on Windows 9x, or Me. It will work with Windows XP.

Q. I get “Must be Admin” error when trying to launch. I am the Administrator, so what’s the problem?
A. Check to ensure that nbt binding is enabled. In NT 4 this is done in your network interface bindings. Under Win2k check to ensure that you have the TCP/IP NetBIOS helper enabled.

System Requirements
NT 4/ Win 2000
NT 4 needs psapi.dll
800x600 res. minimum
256 colors min
32MB

SnScan

SNMP Detection Utility

SNScan is a Windows based SNMP detection utility that can quickly and accurately identify SNMP enabled devices on a network. This utility can effectively indicate devices that are potentially vulnerable to SNMP related security threats, such as those released on February 12, 2002 and the Cisco IPv4 Remote Denial of Service vulnerability from July 17, 2003.

SNScan allows for the scanning of SNMP specific ports (e.g. UDP 161, 193, 391 and 1993) and the use of standard (i.e. "public") as well as user-defined SNMP community names. User-defined community names may be used to more effectively evaluate the presence of SNMP enabled devices in more complex networks.

SNScan is intended for use by system and network administrators as a fast and reliable utility for information gathering. While not indicating whether SNMP enabled devices are vulnerable to specific threats, SNScan can quickly and accurately identify potential areas of exposure to SNMP related vulnerabilities.

Bing

This is a tool for security researchers. It allows you to search for either an IP address or a DNS name and display all associated domain names known to Bing.

* If a specific IP address is searched, all domain records associated with that address are displayed
* If a DNS name is searched, all domain records associated with all addresses returned for that DNS name are displayed (this case is shown in the screenshot below)

Two separate self-contained versions of the tool are available: command-line-based and GUI-based. The GUI version can be spawned directly from the browser - no installation or additional files are required - just click on the link in Downloads and select Run.

Both versions require the .NET Framework 3.5.

Arping

Arping is an ARP level ping utility. It's good for finding out if an IP is taken before you have routing to that subnet. It can also ping MAC addresses directly.

AMAP

Amap has been designed to correlate the applications that are running on a specific port or ports residing on a host. Amap does this by connecting to the port(s) and sending packets that will hopefully trigger an automatic response in reply. These packets typically encompass a standard attempt by an application to carry out a handshake between both hosts. A lot of network daemons only respond when a connection is attempted utilising an appropriate handshake (i.e. SSL). Amap then correlates this response with its in-built library and verbosely prints to screen.
