Network Troubleshooting Tools
Hot Tools presentation, Laura Chappell
from
http://www.packet-level.com
- NetScan Tools Pro: $199
http://www.netscantools.com
Many features, excellent help file including RFC references and detailed information.
- Ethereal: Free!
http://www.ethereal.com
Excellent free traffic capture and analysis. !Can sort the tracefile by column!
- Sam Spade: Free!
http://www.samspade.org
A smaller multifeatured program like NetScan Tools. Their tools can also be run from their website for testing outside firewalls/etc.
- Snort + IDSCenter: Free!
http://www.snort.org
Free Intrusion Detection utility. IDSCenter -> graphical interface into Snort.
- nMap: Free!
http://www.insecure.org
Port/Ping Scanning & OS fingerprinting
Available version for NT
- Ettercap: Free!
http://ettercap.sourceforge.net
Attack tool - use only for testing and with extreme caution.
"Man in the middle" tool to inject characters into datastream or kill connections.
- GRC Tools: Free tools from Jim Gibson
http://www.grc.com
e.g. ID Serve - OS fingerprinting tool
- DSniff: various tools
http://www.monkey.org/~dugsong/dsniff
e.g. passive tools such as MailSnarf - passive packet analysis tool for smtp & active attack tools: Arpspoof, DNSspoof
Macof - attacks a switch attempting to force it into "failover mode" making it "a hub"
- Specter Honeypot: $899 ($599 "Specter Light")
http://www.specter.com
Specter Light - only pretends to be a Windows version.
runs on Win2K.
- White Glove: $99
http://www.all.net
White Glove = CDROM bootable Linux (separate)
Deception Toolkit = honey pot that runs well under White Glove
- AirMagnet: ?buy through reseller?
http://www.airmagnet.com
Can run on IPaq!
Wireless analyzer to find 802.11a&b traffic on what channels.
Passive listener - doesn't actively probe for access.
- GPS + Antennas
http://www.fab-corp.com
Interface to wireless device to record locations.
amps & antennas - need in depth consulting help to select amp & antennas that go together and suit your needs.
- L0phtCrack - now LC4: $99
http://www.@stake.com
http://www.openwall.com/john - "John the Ripper" <-Linux only
Password auditor/cracking
Has 15 day trial download available - brute force attack not available.
- LANGuard
http://www.gfi.com
?free for noncommercial use?
vulnerability scanner - various scans/probes, OS fingerprinting, and various recon: http banner page, file shares, possible vulnerabilities.
GFI has various tools available. Some are freeware: network security scanner and security alerts
- NetStumbler/MiniStumber(pocketPC): Free
http://www.netstumbler.com
actively polls wireless channels - can be averted by disabling poll responses on access points.
Can be interfaced into GPS to log coordinates with access point info - to map active access points.
- Invisible Secrets: $39.95
http://www.neobytesolutions.com
LSB steganography tool - Least Significant Bit Steganography
2 types = Data injection, Data replacement
steals 1 or more bits from each byte to hide another image inside the carrier image.
- HexWorkshop: $49.95
http://www.bpsoft.com
Hex Editor
- Etherpeek: $995 - standard version
http://www.wildpackets.com
protocol analyzer with Expert assistance built-in (in NX version: $3495)
- Sniffer: $$$thru reseller
http://www.sniffer.com
protocol analyzer. Strength = it's excellent decode capability.
I use it and I really like it's "scope" view. It's well integrated tools make it easy to use and fairly intuitive (for this category of product.)
- Iris: $
http://www.eeye.com
was "capturenet" and "peepnet"
traffic analyzer - useful to reconstruct HTTP web browsing sessions.
- Brutus: Free!
http://www.hoobie.net/brutus
Password cracking tool using your own password file.
- CameraShy: Free!
http://www.hacktivismo.com
A cult of dead cow browser created to communicate with Chinese dissidents.
Identifies images with possible steganography altered files.
sabotour.8m.com = a test page.
Product "6/4" was also created for peer to peer file sharing and firewall tunnelling.
- PingPlotter: $24.95
http://www.pingplotter.com
- KeyGhost: $99 - $199 depending on memory
http://www.keyghost.com
Hardware Keylogger - keystrokes stored in the hardware device. Can be viewed from the machine with the password/etc.
-SpyCop: $69.95
http://www.spycop.com
Software to check computer for spyware or malware.