New Mexico Institute of Mining and Technology



Network Protocol Analyzers

| SNo | Tool | Tool Description | Open Source? | Platform | Functions |
|---|---|---|---|---|---|
| 1 | Nessus | The premier Open Source vulnerability assessment tool | Yes | Windows, *NIX | Nessus is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows reports to be generated in HTML, XML, etc. If a host runs the same service twice or more, Nessus will test all of them. |
| 2 | NMap | Network Mapper | Yes | Windows, *NIX, Mac OS X, more | Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. |
| 3 | Ethereal | Network Protocol Analyzer | Yes | Windows, *NIX | It allows examining data from a live network or from a capture file on disk, and can interactively browse the capture data, viewing a summary for each packet. It includes a rich display filter language and the ability to view the reconstructed stream of a TCP session. |
| 4 | GFI LANguard | Network Security Scanner | No | Windows | GFI LANguard automatically detects security vulnerabilities on your network. It scans your entire network, IP by IP, and provides information such as service pack level of the machine, missing security patches, wireless access points, USB devices, open ports, services/applications active on the computer, key registry entries, weak passwords and more. It is also a complete patch management solution. |
| 5 | TCPDump / WinDump | The classic sniffer for network monitoring and data acquisition. | Yes | Windows, *NIX | It can be used to print out the headers of packets on a network interface that match a given expression. You can use this tool to track down network problems or to monitor network activities. Tcpdump is a well-known text-based network packet analyzer. |
| 6 | EtherPeek | Ethernet network traffic and protocol analyzer | No | Windows | If the TCP/IP sessions are "hanging," EtherPeek can show you which system sent the last packet, and which system failed to respond. If you are experiencing slow screen updates, EtherPeek can display delta time stamps and show which system is waiting for packets, and which system is slow to respond. |
| 7 | Retina | Commercial vulnerability assessment scanner | No | Windows | Retina discovers networked devices – through wired and wireless connections – and will identify which operating systems, applications, databases and wireless access points are present. Any unauthorized applications, such as P2P or malware, will be detected and identified. |
| 8 | NetCat | The network swiss army knife | No | Windows, *NIX | A simple Unix utility which reads and writes data across network connections, using the TCP or UDP protocol. |
| 9 | Cheops | Network User Interface. It is designed to be the network equivalent of a swiss-army knife, unifying your network utilities. | Yes | Linux | Cheops organizes the network by mapping, showing the routes taken to access areas of your network, and detects the OS running on each system. Has a generalized TCP port scanner. |
| 10 | Cheops-ng | Next generation Cheops – The network Swiss Army Knife. | Yes | Linux | Network management tool for mapping and monitoring your network. It has host/network discovery functionality as well as OS detection of hosts. On some services, cheops-ng is actually able to see what program is running for a service and the version number of that program. |
| 11 | DSniff | A collection of tools for network auditing and penetration testing. | Yes | Windows, *NIX | Dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy are the tools used to monitor a network for interesting data. Arpspoof, dnsspoof and macof facilitate the interception of network traffic. |
| 12 | SARA | Security Auditor's Research Assistant - The third generation network security analysis tool | No | Windows, *NIX, Mac OS X | Advanced Research's philosophy relies heavily on software re-use. Rather than inventing a new module, SARA is adapted to interface to other community products. For instance, SARA interfaces with the popular NMAP package for superior "Operating System fingerprinting". Also, SARA provides a transparent interface to SAMBA for SMB security analysis. |
| 13 | EtterCap | Network Sniffer / Interceptor for Ethernet LANs. | Yes | Windows, *NIX, Mac OS X | Ettercap is a suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. |
| 14 | Sam Spade | Freeware Windows network query tool | No | Windows NT, 98, 2000 | Sam Spade was designed with tracking down spammers in mind. It is also useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger etc. |
| 15 | EtherApe | Graphical network monitor for Unix | Yes | *NIX | • The user may select what level of the protocol stack to concentrate on. • You may either look at traffic within your network, end-to-end IP, or even port-to-port TCP. • Data can be captured "off the wire" from a live network connection, or read from a tcpdump capture file. • Live data can be read from Ethernet, FDDI, PPP and SLIP interfaces. |
| 16 | Hping2 | A network probing utility like ping on steroids | Yes | *NIX | Hping2 assembles and sends custom ICMP/UDP/TCP packets and displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful for firewall testing, remote OS fingerprinting, TCP/IP stack auditing and advanced port scanning. |
| 17 | Super Scan | Powerful TCP port scanner, pinger, resolver. | No | Windows | Support for unlimited IP ranges. TCP SYN scanning. UDP scanning (two methods). Source port scanning. A selection of useful tools (ping, traceroute, Whois etc). Extensive Windows host enumeration capability. |
| 18 | Fragroute | IDS systems' worst nightmare | Yes | Windows, Linux, BSDs | Fragroute intercepts, modifies, and rewrites egress traffic, implementing most of the attacks described in the Secure Networks IDS Evasion paper. |
| 19 | SAINT | Security Administrator's Integrated Tool | No | *NIX | SAINT detects and fixes possible weaknesses in the network's security before they can be exploited by intruders. Anticipate and prevent common system vulnerabilities. SAINTwriter software allows network administrators to design and generate vulnerability assessment reports quickly and easily. |
| 20 | Fport | Foundstone's enhanced netstat | | Windows | Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same as the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications. |
| 21 | Tcptraceroute | Traceroute implementation using TCP packets. | Yes | Linux | By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters. |
| 22 | IpTraf | IP Network Monitoring Software | Yes | Linux | Gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts. |
| 23 | NTop | A network traffic usage monitor | No | Windows, *NIX | Ntop shows network usage. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics. |
| 24 | Solar Winds Tool Sets | A plethora of network discovery / monitoring / attack tools | No | Windows | SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners and an SNMP brute-force cracker. |
| 25 | Ngrep | A pcap-aware tool | Yes | Windows, *NIX | Ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP, ICMP, IGMP and Raw protocols across Ethernet, PPP, SLIP, FDDI, Token Ring and 802.11 and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. |
| 26 | Snort | A free intrusion detection system (IDS) | Yes | Windows, *NIX | Snort is capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks etc. |
| 27 | Arpwatch | Ethernet monitor program. | Yes | Windows, Linux | Written in C. Keeps track of Ethernet/IP address pairings and can detect certain monkey business. |
| 28 | Tcpreplay | It provides the ability to use previously captured traffic in libpcap format to test a variety of network devices | Yes | *NIX | tcpprep - multi-pass pcap file pre-processor which classifies packets as client or server and creates cache files used by tcpreplay and tcprewrite. tcprewrite - pcap file editor which rewrites TCP/IP and Layer 2 packet headers. tcpreplay - replays pcap files at arbitrary speeds onto the network. tcpbridge - bridges two network segments with the power of tcprewrite. |
| 29 | Net Filter | Kernel packet filter/firewall | Yes | Linux | Netfilter is a powerful packet filter which is implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering and packet mangling. Netfilter allows kernel modules to register callback functions with the network stack. |
| 30 | Firewalk | Advanced trace route | Yes | *NIX | Firewalk employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. It is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. |
| 31 | Hunt | An advanced packet sniffing and connection intrusion tool | No | Linux | Hunt can watch TCP connections, intrude into them, or reset them. Hunt is meant to be used on Ethernet, and has active mechanisms to sniff switched connections. Advanced features include selective ARP relaying and connection synchronization after attacks. |
| 32 | Fragroute | IDS systems' worst nightmare | Yes | Windows, *NIX | Fragroute intercepts, modifies, and rewrites egress traffic. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host. This tool was written to test intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. |
| 33 | KSniffer | A network statistics collector, i.e., Sniffer | | | Ksniffer allows a user to watch all network traffic over any network interfaces connected to a host machine. It supports most TCP/IP protocols and collects the number of packets as well as the number of bytes for each protocol. Activity is displayed in terms of protocol, bytes/protocol, kbits/sec, packets/sec etc. |
| 34 | Shadow Network Spy | An ICQ Sniffer | | | ICQ Sniffer is a handy network utility to capture and log ICQ chat from computers within the same LAN. It supports messaging through the ICQ server in plain text, RTF, or HTML format. It is easy to run the Shadow Network Spy on any computer on your network. Click the start button to capture. It will record any conversation from any PC within the same LAN. |
| 35 | Pf | The innovative packet filter in OpenBSD | Yes | OpenBSD, NetBSD, FreeBSD | Filters network packets. |
| 36 | Network Security Scanner | Network vulnerability scanner | No | All | Scans servers built on practically any platform. Because of a fully open (ActiveX-based) architecture, any professional with knowledge of VC++, C++ Builder or Delphi may easily expand the capabilities of the Scanner. Detailed scan session log in HTML, XML, PDF, RTF and CHM (compiled HTML) formats. |
| 37 | Fping | A parallel ping scanning program. | Yes | Linux | Instead of trying one host until it times out or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable. Can be used in scripts and the output is easy to parse. |
| 38 | TCP Wrappers | A classic IP-based access control and logging mechanism | Yes | Solaris, BSD | Can monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services. |
| 39 | Paketto Keiretsu | Extreme TCP/IP | No | Linux, BSD | The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. |
| 40 | Stunnel | Allows you to encrypt arbitrary TCP connections inside SSL | Yes | Windows, *NIX | Stunnel can allow you to secure non-SSL-aware daemons and protocols (like POP, IMAP, LDAP, etc.) by having Stunnel provide the encryption, requiring no changes to the daemon's code. |
| 41 | Honeyd | Your own personal Honeynet. | Yes | Windows, Linux, BSD | A small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to traceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. It is also possible to proxy services to another machine rather than simulating them. |
