  1. #1
    Junior Member t3gilligan
    Join Date
    Dec 2002
    Posts
    23

    good packet sniffer

    I'm looking for a good packet sniffer, does anyone have any suggestions? I would prefer a free packet sniffer, but am willing to pay also. Thank you

  2. #2
    Senior Member el-half
    Join Date
    Jun 2003
    Posts
    772
    I prefer tcpdump (or windump on windows): http://www.tcpdump.org/ and http://windump.polito.it/
    And I think ethereal is the best for analysing packets: www.ethereal.com
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post's content - me

    www.elhalf.com

  3. #3
    Senior Member S3cur|ty4ng31
    Join Date
    Jun 2003
    Posts
    236
    Snort
    http://www.snort.org

    Packet sniffer with more
    and it's free
    That which does not kill me makes me stronger -- Friedrich Nietzsche

  4. #4
    Senior Member tampabay420
    Join Date
    Aug 2002
    Posts
    953
    ettercap is very nice and versatile. the ARP functionality is fun too.
    http://ettercap.sourceforge.net/
    Characters injection in an established connection : you can inject character to server (emulating commands) or to client (emulating replies) maintaining the connection alive !!

    SSH1 support : you can sniff User and Pass, and even the data of an SSH1 connection. ettercap is the first software capable to sniff an SSH connection in FULL-DUPLEX

    HTTPS support : you can sniff http SSL secured data... and even if the connection is made through a PROXY

    Remote traffic through GRE tunnel: you can sniff remote traffic through a GRE tunnel from a remote cisco router and make mitm attack on it

    PPTP broker: you can perform man in the middle attack against PPTP tunnels

    Plug-ins support : You can create your own plugin using the ettercap's API.
    List of available plugins

    Password collector for : TELNET, FTP, POP, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, HALF LIFE, QUAKE 3, MSN, YMSG (other protocols coming soon...)

    Packet filtering/dropping: You can set up a filter that searches for a particular string (even hex) in the TCP or UDP payload and replace it with yours or drop the entire packet.

    OS fingerprint: you can fingerprint the OS of the victim host and even its network adapter

    Kill a connection: from the connections list you can kill all the connections you want

    Passive scanning of the LAN: you can retrieve info about: hosts in the LAN, open ports, services version, type of the host (gateway, router or simple host) and estimated distance in hops.

    Check for other poisoners: ettercap has the ability to actively or passively find other poisoners on the LAN

    Bind sniffed data to a local port: you can connect to that port with a client and decode unknown protocols or inject data to it (only in ARP-based mode)

    Port Stealing: a new method to sniff on switched LAN without ARP poisoning...
    yeah, I'm gonna need that by friday...

  5. #5
    Top Gun Maverick811
    Join Date
    Oct 2001
    Posts
    852
    As el-half has already stated - Ethereal....

    'nuff said...
    - Maverick

  6. #6
    Senior Member R0n1n
    Join Date
    Oct 2002
    Posts
    314
    Ethereal if you want something that's free. As far as commercial sniffers go I like Iris by eEye.
    Quis custodiet ipsos custodes

  7. #7
    ethereal for windows... as stated twice already!

  8. #8
    Junior Member t3gilligan
    Join Date
    Dec 2002
    Posts
    23

    thank you

    Thank you all very much!!
