
Thread: New Win32 cmd line packet sniffer.

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915

    New Win32 cmd line packet sniffer.

    Hey Hey,

    Next Generation Security Technologies has released ngSniff 1.2. You can grab the executable here. In the zip file you'll find a 40K executable and 4.8K of text files. No installation, no packet driver, just extract and run.

    It definitely isn't the most advanced packet sniffer out there, but what it lacks in options, it makes up for in cleanliness. You can specify the interface (it will generate a list of interfaces... not pointing to some random registry driver entry but rather to the IP address), a host to specifically listen for, a host to specifically ignore, and a string of data to watch for. By default ngSniff will display to stdout, however you can tell it to write to a log file.

    I decided to generate a specific packet for testing purposes to display for you.

    This is the command I executed from the command line of my Windows XP machine.
    Code:
    ngSniff.exe --interface 0 --pattern "AntiOnline"
    Here's the hping2 command I executed on my SuSE 9.1 box
    Code:
    hping -RA -p 80 -t 69 -d 50 -E testdata 192.168.1.100
    If you care, testdata contains
    Code:
    AntiOnline Test Packet
    Here's the capture displayed to stdout on the command line of my Windows XP Machine.
    Code:
    IP HEADER 192.168.1.101 -> 192.168.1.100
    ------------------------------------------
     IP->version: 4
     IP->ihl: 5
     IP->tos: 8
     IP->tot_len: 90
     IP->id: 52672
     IP->frag_off: 0
     IP->ttl: 69
     IP->protocol: 6
     IP->checksum: 44848
    
    TCP HEADER
    ----------
     TCP->sport: 1352
     TCP->dport: 80
     TCP->seq: 1572835341
     TCP->ack: 1842659933
     TCP->off: 5
     TCP->flags: RST|ACK
     TCP->window: 512
     TCP->checksum: 37159
     TCP->urp: 0
    
    ----- Begin of data dump -----
    41 6e 74 69 4f 6e 6c 69 6e 65 20 54 65 73 74 20  AntiOnline Test
    50 61 63 6b 65 74 0a 00 00 00 00 00 00 00 00 00  Packet..........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00                                            ..
    ----- End of data dump -----
    As you can see, I set a few of the fields manually so that you could see the results: the packet data (obviously), the TCP flags, the TTL and the destination port. Anyway, as you can see, it's very clean, quite small and very easy to use... definitely a handy addition to the IT toolkit.

    Peace,
    HT

    [Edit]
    Tedob1 just pointed out that this is my '1337' post. I think I'm supposed to say "ph33r m3" or something corny like that... Anyways.. Yay for me!
    [/Edit]
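To show what ngSniff is actually decoding in the capture above, here is an added example (my own code, not part of ngSniff, hping2 or the original post) that builds a raw IPv4/TCP packet from the header values shown in the capture, parses it back into the same fields, verifies both checksums, applies a `--pattern`-style payload match, and renders the payload in the same hex/ASCII layout. The checksums are recomputed for the constructed bytes and are not claimed to match the values printed by ngSniff; the sample payload is constructed here (the 50-byte hping data buffer, NUL-padded).

```python
"""Build, parse and pattern-match a raw IPv4/TCP packet the way ngSniff displays one.
Added example, not ngSniff or hping2 code; header values follow the capture above,
checksums are recomputed here for the constructed bytes."""
import socket
import struct

# TCP flag bits in the order ngSniff prints them (low bit first, e.g. RST|ACK).
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (zero-padded if odd length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src, dst, sport, dport, seq, ack, flags, payload,
                 ttl=64, tos=0, ident=0, window=512) -> bytes:
    """Assemble IPv4 header + TCP header + payload with valid checksums."""
    saddr, daddr = socket.inet_aton(src), socket.inet_aton(dst)
    seg_len = 20 + len(payload)
    tcp = bytearray(struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                                5 << 4, flags, window, 0, 0)) + payload
    pseudo = struct.pack("!4s4sBBH", saddr, daddr, 0, 6, seg_len)
    struct.pack_into("!H", tcp, 16, inet_checksum(pseudo + bytes(tcp)))
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + seg_len,
                               ident, 0, ttl, 6, 0, saddr, daddr))
    struct.pack_into("!H", ip, 10, inet_checksum(bytes(ip)))
    return bytes(ip) + bytes(tcp)


def parse_packet(pkt: bytes) -> dict:
    """Decode the IP and TCP headers and verify both checksums."""
    if len(pkt) < 20:
        raise ValueError("truncated IP header")
    (vihl, tos, tot_len, ident, frag, ttl, proto, csum,
     saddr, daddr) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or tot_len > len(pkt) or ihl > tot_len:
        raise ValueError("bad IPv4 header")
    ip = {"src": socket.inet_ntoa(saddr), "dst": socket.inet_ntoa(daddr),
          "ihl": ihl // 4, "tos": tos, "tot_len": tot_len, "id": ident,
          "frag_off": frag, "ttl": ttl, "protocol": proto, "checksum": csum,
          "checksum_ok": inet_checksum(pkt[:ihl]) == 0}
    seg = pkt[ihl:tot_len]
    if proto != 6 or len(seg) < 20:
        return {"ip": ip, "tcp": None, "data": seg}
    (sport, dport, seq, ack, offres, flags, window, tcsum,
     urp) = struct.unpack("!HHIIBBHHH", seg[:20])
    off = (offres >> 4) * 4
    pseudo = struct.pack("!4s4sBBH", saddr, daddr, 0, 6, len(seg))
    tcp = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
           "off": off // 4, "window": window, "checksum": tcsum, "urp": urp,
           "flags": "|".join(n for bit, n in TCP_FLAGS if flags & bit) or "NONE",
           "checksum_ok": inet_checksum(pseudo + seg) == 0}
    return {"ip": ip, "tcp": tcp, "data": seg[off:]}


def hexdump(data: bytes) -> str:
    """Render the payload in ngSniff's hex + ASCII column layout."""
    lines = []
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        hexpart = " ".join("%02x" % b for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%-47s  %s" % (hexpart, asc))
    return "\n".join(lines)


def matches_pattern(parsed: dict, pattern: bytes) -> bool:
    """ngSniff's --pattern: report the packet only if the bytes appear in the payload."""
    return pattern in parsed["data"]


# Constructed sample: the hping2 packet from the post (50-byte data buffer, NUL-padded).
SAMPLE_PAYLOAD = b"AntiOnline Test Packet\n".ljust(50, b"\x00")
SAMPLE = build_packet("192.168.1.101", "192.168.1.100", 1352, 80,
                      1572835341, 1842659933, 0x04 | 0x10, SAMPLE_PAYLOAD,
                      ttl=69, tos=8, ident=52672, window=512)

if __name__ == "__main__":
    p = parse_packet(SAMPLE)
    if matches_pattern(p, b"AntiOnline"):
        print("IP HEADER %s -> %s" % (p["ip"]["src"], p["ip"]["dst"]))
        for k in ("tos", "tot_len", "id", "ttl", "protocol", "checksum_ok"):
            print(" IP->%s: %s" % (k, p["ip"][k]))
        for k in ("sport", "dport", "flags", "window", "checksum_ok"):
            print(" TCP->%s: %s" % (k, p["tcp"][k]))
        print(hexdump(p["data"]))
```

The `checksum_ok` fields are the check a sniffer user actually wants: a forged or mangled packet (as hping can produce) will parse fine but fail the IP or TCP checksum, which a dump of raw header fields alone never reveals. Flipping a single header byte in the sample makes `checksum_ok` go false.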

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Thanks for taking the trouble to test it and then show your results. Too many just post links for things they've never tried and have no idea how good or bad it really is.

    Looks a lot better than packetmon. Not as good as ethereal but much more handy. I'm going to give it a go tomorrow. Thanks!

    Edit: oh no! I just noticed your post count....1337
