The best of Top Ten Packet Sniffer 2010

Sectools.org has listed the best packet sniffer tools used by IT security administrators. Here is the list, starting with the most popular:

#1 Wireshark : Sniffing the glue that holds the Internet together
(Linux, *BSD, OS X, Windows; command-line and GUI interfaces; source code available)
Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

#2 Kismet : A powerful wireless sniffer
(Linux, *BSD, OS X, Windows; command-line interface; source code available)
Kismet is a console (ncurses) based 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for wardriving. Oh, and also warwalking, warflying, and warskating, …
Also categorized as: wireless tools

#3 Tcpdump : The classic sniffer for network monitoring and data acquisition
(Linux, *BSD, OS X, Windows; command-line interface; source code available)
Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn’t receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other tools.

#4 Cain and Abel : The top password recovery tool for Windows
(Windows; GUI interface)
UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented.
Also categorized as: password crackers

#5 Ettercap : In case you still thought switched LANs provide much extra security
(Linux, *BSD, OS X, Windows; command-line and GUI interfaces; source code available)
Ettercap is a terminal-based network sniffer/interceptor/logger for Ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection into an established connection and filtering on the fly are also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

#6 Dsniff : A suite of powerful network auditing and penetration-testing tools
(Linux, *BSD, OS X, Windows; command-line interface; source code available)
This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs.

#7 NetStumbler : Free Windows 802.11 Sniffer
(Windows; GUI interface)
Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.
Also categorized as: wireless tools

#8 Ntop : A network traffic usage monitor
(Linux, *BSD, OS X, Windows; command-line and GUI interfaces; source code available)
Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.
Also categorized as: traffic monitoring tools

#9 Ngrep : Convenient packet matching & display
(Linux, *BSD, OS X, Windows; command-line interface; source code available)
ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
Also categorized as: traffic monitoring tools
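Several entries above share one building block: the libpcap savefile format that Tcpdump writes, Kismet logs to, and ngrep reads before matching a regular expression against packet payloads. The script below is an added example, not code from sectools.org or from any of the listed tools. It parses the 24-byte pcap global header and 16-byte per-record headers, decodes Ethernet/IPv4 and TCP/UDP headers, and greps the payloads ngrep-style; a defender can run it over a capture of their own network to find protocols that still carry credentials in cleartext (the FTP USER/PASS exchange that dsniff and ngrep would catch). The capture it reads is constructed in memory, so the IP addresses, ports and payloads are sample values, not real traffic.

```python
"""Minimal libpcap savefile reader with an ngrep-style payload search.

Added example (not sectools.org or any listed tool's code). The sample
capture is constructed in memory; every address and payload is made up.
"""
import re
import struct
from dataclasses import dataclass

PCAP_MAGIC = 0xA1B2C3D4     # classic pcap magic; byte order reveals writer's endianness
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes


def _ip_str(raw):
    return ".".join(str(b) for b in raw)


def read_pcap(data: bytes):
    """Yield a Packet for every Ethernet/IPv4 TCP or UDP record in a pcap blob."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        end = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        end = ">"
    else:
        raise ValueError("not a classic pcap savefile")
    _major, _minor, _tz, _sig, _snap, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled in this example")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < incl_len:
            break  # truncated final record: stop rather than mis-parse it
        pkt = _decode_frame(frame, ts_sec + ts_usec / 1e6)
        if pkt:
            yield pkt


def _decode_frame(frame, ts):
    # 14-byte Ethernet header followed by at least a 20-byte IPv4 header
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    src, dst = _ip_str(ip[12:16]), _ip_str(ip[16:20])
    l4 = ip[ihl:total_len]            # trims any Ethernet padding
    if proto == IPPROTO_TCP and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        data_off = (l4[12] >> 4) * 4  # TCP data offset in 32-bit words
        return Packet(ts, src, dst, "TCP", sport, dport, l4[data_off:])
    if proto == IPPROTO_UDP and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        return Packet(ts, src, dst, "UDP", sport, dport, l4[8:])
    return None


def grep_payloads(data: bytes, pattern: str):
    """ngrep-style search: (packet, matched bytes) for payloads matching the regex."""
    rx = re.compile(pattern.encode(), re.IGNORECASE)
    hits = []
    for pkt in read_pcap(data):
        m = rx.search(pkt.payload)
        if m:
            hits.append((pkt, m.group(0)))
    return hits


# ---- constructed sample capture (hypothetical hosts 10.0.0.5 and 10.0.0.9) ----
def _ipv4_frame(src, dst, proto, l4):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


def _tcp(sport, dport, payload):   # 20-byte header, PSH+ACK, no options
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload


def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_sample_pcap():
    frames = [
        _ipv4_frame("10.0.0.5", "10.0.0.9", IPPROTO_TCP, _tcp(40000, 21, b"USER alice\r\n")),
        _ipv4_frame("10.0.0.5", "10.0.0.9", IPPROTO_TCP, _tcp(40000, 21, b"PASS hunter2\r\n")),
        _ipv4_frame("10.0.0.5", "10.0.0.9", IPPROTO_UDP, _udp(5353, 53, b"\x12\x34\x01\x00")),
        _ipv4_frame("10.0.0.9", "10.0.0.5", IPPROTO_TCP, _tcp(80, 40001, b"HTTP/1.1 200 OK\r\n")),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for p, m in grep_payloads(build_sample_pcap(), r"(USER|PASS) \S+"):
        print(f"{p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}  {m!r}")
```

Point `read_pcap` at the bytes of a real tcpdump or Kismet capture and it will walk the same record structure; the byte-order check on the magic number is what lets one reader handle files written on either endianness, and trimming the layer 4 slice to the IPv4 total length keeps Ethernet padding from being mistaken for payload.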

Original Source: http://sectools.org/



15 Responses to “The best of Top Ten Packet Sniffer 2010”

  1. NTOP is a great tool for NetFlow. Scrutinizer from http://www.plixer.com is also a great product for NetFlow and sFlow Analysis.

  2. [...] original post here: Extra Reading Materials » The best of Top Ten Packet Sniffer 2010 Share and [...]

  3. You can also have a look at
    http://labs.qosmos.com

    There is a new L7/DPI based packet sniffer (available free) that analyses more than 100 protocols.

    You can try it. Comments are welcome.

  4. [...] this is a semiannual event where we bring together representatives from key customers to shareExtra Reading Materials The best of Top Ten Packet Sniffer 2010Kismet : A powerful wireless sniffer. Kismet is an console (ncurses) based 802.11 layer2 wireless [...]

  5. Everyone cannot lack exercise; exercise is good for our health. What do you think?

  6. Thanks for the post

  7. I like your post. You make some good points.

  8. What a great blog! There is a chance that we can have further exchanges and cooperation. I will always pay attention to your blog.

  9. interesting here

  10. You forgot OPNET’s ACE Analyst:
    http://www.opnet.com/solutions/application_performance/ace.html

    Also “What is the best tool to analyze Network Packets”
    http://hunch.com/performance-troubleshooting-with-packet-captures/

    Enjoy,
    Andy Fields

  11. great !

  12. I like your post. You make some good points.

  13. You can try it. Comments are welcome.

  14. I will always pay attention to your blog.

  15. I think they have listed a great sniffer tool and it is a good idea if I check them out.
