Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.

Updated/new name: Wireshark


OmniPeek gives network engineers real-time visibility and Expert Analysis into every part of the network from a single interface, including Ethernet, Gigabit, 10 Gigabit, 802.11a/b/g/n wireless, VoIP, and Video to remote offices. Using OmniPeek’s intuitive user interface and "top-down" approach to visualizing network conditions, network engineers—even junior staff—can quickly analyze, drill down and fix performance bottlenecks across multiple network segments, maximizing uptime and user satisfaction.


Packetyzer is a network protocol analyzer for Windows, also know as a packet sniffer. It is based on the Ethereal project, but provides a native Windows GUI. Packetyzer can capture from virtually any network adapter and supports many advanced features.

Google Hack Honeypot

Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. GHH is a “Google Hack” honeypot. It is designed to provide reconaissance against attackers that use search engines as a hacking tool against your resources. GHH implements honeypot theory to provide additional security to your web presence.

Geo Spider

GEO Spider monitors all your network activity and shows full information about each connection. All connections are passed through GEO Spider Spy engine, so you can trace all your connections (where you have been in the world and where you located now).

GEO Spider expands your Windows tools to provide magic versatility. It will make a great addition to your network toolkit.

Traffic IQ Pro

Unrivalled functionality and simplicity combine to provide a highly configurable solution for assessing, auditing and enhancing the recognition and response capabilities of network based intrusion detection and prevention systems.

*Works only on Windows

Network Miner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file. NetworkMiner can also extract transmitted files from network traffic


Cert grabber for DOCSIS modems. Not sure how up to date it is but I know it makes getting certs for modded modems much easier.

This is a variation of FastSnmp, it scans for modems with factory mode enabled and when it finds one it retrieves the serial, the model, the mac, and all the certs it can and saves it to a file.

It retrieves HFC, Downstream and upstream rates, Ethernet and USB macs along with serial and cmFactoryBigRSAPublicKey, cmFactoryBigRSAPrivateKey, cmFactoryCMCertificate, cmFactoryManCertificate, cmFactoryRootCertificate certificates.
This is the compiled for windows version of FastCert, ive included the perl script as well


"The goal of Xplico is extract from an Internet traffic capture the applications data contained.
For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT)."

In a nut shell, it's like Wireshark on crack. Rather than digging through the individual packets and putting them back together this will dissect and parse the individual protocols and traffic back out to human readable. Anyone who has ever reassembled emails like this can vouch for the pita it is.

Anyone who works in a industry where captures live from the wire, or from cap file can see the use and abuse of such a product. You can select specific dissectors for the traffic of interest.

I found a good bit of info on configuring this at the link below.

I'd highly advise checking out some screen shots at the following link, the interface is very nice. I like the geomap!


Snort is a free, open source network intrusion detection and prevention system capable of performing real-time traffic analysis and packet logging on IP networks.

Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plug-in architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients. Snort has three primary uses: a straight packet sniffer like tcpdump, a packet logger (useful for network traffic debugging, etc), or a full-blown network intrusion prevention system.

Syndicate content