Thanks so far for all the received answers.

I tested windump and winpcap of course. They work as advertised. Only the command line installation still needs to be tested. I receive some errors that the network adapter cannot be found when just copying the required files. Also might it be quite cumbersome to analyse the results in larger environments.

Same goes with search for dual homed systems. Most tools generate nice output but do not tell immediately which systems are dual homed. Even SolarWinds (create tool, especially when SNMP is enabled) can just be queried to show only dual homed systems in a large environment. If you have remote registry access LANGuard is doing a great job but same problem to pick out all the dual homed systems quickly. You have to go manually through each analysed system's details.

I also got some unofficial answer from Foundstone. FSniff is not released as of yet.

WinVNC is nice but as with all the remote control stuff... you notice it on the remote target host.

Erwin

In terms of sniffing, your first step might be to pick up the WinPcap.
http://netgroup-serv.polito.it/winpcap/install/default.htm

There are various sniffing utilities out there and I have worked with most all of them. If you are looking for raw packet dump with TCPDump functionality, I would highly recommend Ethereal for Win32.
http://www.ethereal.com/distribution/win32/

-----Original Message-----
From: H Carvey [mailto:keydet89at_private]
Sent: Friday, December 07, 2001 2:21 PM
To: pen-testat_private
Subject: Re: Command line network sniffing tools on NT/W2K

In-Reply-To: <2FAEA868F23AD411AFD10000D11ED33E04686D18at_private>

>I am missing some good tools in my toolbox. In particular I am looking for
>command line:

Just a thought...if you have remote command line, why not install WinVNC...you can install it and launch it from the command line.

>- network sniffing tools (both general ones like windump and password sniffing ones)

Winpcap installs pretty easily...
>- methods to find multi homed systems fast in a large LAN/WAN environment

If you've got remote Registry access, it's not hard. Also, if SNMP happens to be installed... ;-)

> Is Fsniff already out?

What did you find when you went by the FoundStone site?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Dec 11 2001 - 08:49:20 PST