Sniffer

Burp Spider

Burp Spider is a tool for mapping web applications. It automates the laborious task of cataloging an application's content and functionality, and lets you:

Work manually via your browser, by passively inspecting traffic passing through Burp Proxy and cataloging everything that this identifies.

Actively crawl the application, by automatically following links, submitting forms, and parsing responses for new content.

Browse a detailed site map of discovered content, in tree and table form.

Retain full control of all spidering actions, with fine-grained scope definition, automatic or user-guided submission of forms, and detailed configuration of the spidering engine.

Send interesting items to other Burp Suite tools with a single click.

Deal with complex applications, with automatic handling of login credentials and session cookies, and detection of custom "not found" responses.

Save all of your work, and resume working later.

Ethereal

Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.

Updated/new name: Wireshark

OmniPeek

OmniPeek gives network engineers real-time visibility and Expert Analysis into every part of the network from a single interface, including Ethernet, Gigabit, 10 Gigabit, 802.11a/b/g/n wireless, VoIP, and Video to remote offices. Using OmniPeek’s intuitive user interface and "top-down" approach to visualizing network conditions, network engineers—even junior staff—can quickly analyze, drill down and fix performance bottlenecks across multiple network segments, maximizing uptime and user satisfaction.

Packetyzer

Packetyzer is a network protocol analyzer for Windows, also known as a packet sniffer. It is based on the Ethereal project, but provides a native Windows GUI. Packetyzer can capture from virtually any network adapter and supports many advanced features.

Google Hack Honeypot

Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. GHH is a “Google Hack” honeypot. It is designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. GHH implements honeypot theory to provide additional security to your web presence.

Geo Spider

GEO Spider monitors all your network activity and shows full information about each connection. All connections are passed through the GEO Spider Spy engine, so you can trace all your connections (where you have been in the world and where you are located now).

GEO Spider expands your Windows tools to provide magic versatility. It will make a great addition to your network toolkit.

Traffic IQ Pro

Unrivalled functionality and simplicity combine to provide a highly configurable solution for assessing, auditing and enhancing the recognition and response capabilities of network based intrusion detection and prevention systems.

*Works only on Windows

Network Miner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file. NetworkMiner can also extract transmitted files from network traffic.

FastCert

Cert grabber for DOCSIS modems. Not sure how up to date it is but I know it makes getting certs for modded modems much easier.

This is a variation of FastSnmp. It scans for modems with factory mode enabled, and when it finds one it retrieves the serial, the model, the MAC, and all the certs it can and saves them to a file.

It retrieves HFC, downstream and upstream rates, Ethernet and USB MACs along with serial and cmFactoryBigRSAPublicKey, cmFactoryBigRSAPrivateKey, cmFactoryCMCertificate, cmFactoryManCertificate, cmFactoryRootCertificate certificates.
This is the compiled-for-Windows version of FastCert; I've included the Perl script as well.

Xplico

"The goal of Xplico is extract from an Internet traffic capture the applications data contained.
For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT)."

In a nutshell, it's like Wireshark on crack. Rather than digging through the individual packets and putting them back together, this will dissect and parse the individual protocols and traffic back out to human readable. Anyone who has ever reassembled emails like this can vouch for the PITA it is.

Anyone who works in an industry where captures live from the wire, or from a cap file, can see the use and abuse of such a product. You can select specific dissectors for the traffic of interest.

I found a good bit of info on configuring this at the link below.
http://wiki.xplico.org/doku.php/tutorial:0.5.2

I'd highly advise checking out some screenshots at the following link; the interface is very nice. I like the geomap!
http://www.xplico.org/screenshot
