-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Pen-Testers:

Some time ago, NGSEC released a command line sniffer for win2k or higher
(no packet driver required). It was developed for penetration tests once
you have access to a cmd.exe shell.

Download it at:

http://www.ngsec.com/ngresearch/ngtools/

Successfully we got a lot of feedback, and so we were forced to improve it
with your ideas/comments.

CHANGELOG for 1.1:
- ------------------

- - Better command line options parsing.
- - Command line options (--help, --list-interfaces, --interface, ...)
- - File logging (--file <file>)
- - Display packet from only one host (--only-host)
- - Minor bugs fixed.

Hope it would be useful :P

Here is a sample output (again):

    C:\ngsec\ngsniff>ngsniff --interface 0 --file sniffer.log

    ngSniff v1.1 by NGSEC Research Team <labsat_private>
    FREEWARE command line sniffer
    Next Generation Security Technologies
    http://www.ngsec.com

    Logging to sniffer.log...
    Sniffing...

    IP HEADER 192.168.1.1 -> 192.168.1.254
    --------------------------------------
    IP->version: 4
    IP->ihl: 5
    IP->tos: 0
    IP->tot_len: 160
    IP->id: 12800
    IP->frag_off: 0
    IP->ttl: 128
    IP->protocol: 17
    IP->checksum: 52013

    UDP HEADER
    ----------
    UDP->sport: 1028
    UDP->dport: 1900
    UDP->ulen: 140
    UDP->checksum: 26754

    ----- Begin of data dump -----
    4d 2d 53 45 41 52 43 48 20 2a 20 48 54 54 50 2f  M-SEARCH * HTTP/
    31 2e 31 0d 0a 48 4f 53 54 3a 20 32 33 39 2e 32  1.1..HOST: 239.2
    35 35 2e 32 35 35 2e 32 35 30 3a 31 39 30 30 0d  55.255.250:1900.
    0a 4d 41 4e 3a 20 22 73 73 64 70 3a 64 69 73 63  .MAN: "ssdp:disc
    6f 76 65 72 22 0d 0a 4d 58 3a 20 33 0d 0a 53 54  over"..MX: 3..ST
    3a 20 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70  : urn:schemas-up
    6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57  np-org:service:W
    41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31  ANIPConnection:1
    0d 0a 0d 0a                                      ....
    ----- End of data dump -----
    ^C
    C:\ngsec\ngsniff>

Fermín J. Serna
Chief Technology Officer
Next Generation Security Technologies
http://www.ngsec.com

NGSecureWeb: Protect your webserver against known & unknown attacks
http://www.ngsec.com/ngproducts/ngsw/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6

iD8DBQE94TcIjqrDERN0jroRAmRjAJ9g7h0QkdCx9YwAsZtIJHbuhB8qcgCfcX/W
vCw/Psd5UyHdJBrxDVB8BNo=
=Lo0E
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
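For anyone reviewing a log written in the format of the sample output above, here is an added example (not part of the original post and not NGSEC code) that parses one logged packet back into header fields and payload bytes, then cross-checks the lengths. The function names are hypothetical; the column spacing, the use of `.` for every non-printable byte, and the dump holding only the UDP payload are assumptions drawn from the sample.

```python
import re

# Excerpt of the post's sample output; column spacing is assumed.
SAMPLE = """\
IP->ihl: 5
IP->tot_len: 160
UDP->ulen: 140
----- Begin of data dump -----
4d 2d 53 45 41 52 43 48 20 2a 20 48 54 54 50 2f  M-SEARCH * HTTP/
31 2e 31 0d 0a 48 4f 53 54 3a 20 32 33 39 2e 32  1.1..HOST: 239.2
35 35 2e 32 35 35 2e 32 35 30 3a 31 39 30 30 0d  55.255.250:1900.
0a 4d 41 4e 3a 20 22 73 73 64 70 3a 64 69 73 63  .MAN: "ssdp:disc
6f 76 65 72 22 0d 0a 4d 58 3a 20 33 0d 0a 53 54  over"..MX: 3..ST
3a 20 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70  : urn:schemas-up
6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57  np-org:service:W
41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31  ANIPConnection:1
0d 0a 0d 0a                                      ....
----- End of data dump -----
"""

def dump_line(line):
    """Bytes of one dump row, verified against its ASCII column."""
    toks = line.split()[:16]  # at most 16 bytes per row, as in the sample
    n = next((i for i, t in enumerate(toks) if not re.fullmatch("[0-9a-f]{2}", t)), len(toks))
    for k in range(n, 0, -1):  # longest hex prefix whose rendering matches the row's tail
        data = bytes(int(t, 16) for t in toks[:k])
        shown = "".join(chr(b) if 32 <= b < 127 else "." for b in data)
        if line.rstrip().endswith(shown.rstrip()):
            return data
    raise ValueError(f"hex and ASCII columns disagree: {line!r}")

def parse_record(text):
    """Return ({'IP.ihl': 5, ...}, payload_bytes) for one logged packet."""
    fields, payload, in_dump = {}, b"", False
    for line in text.splitlines():
        m = re.match(r"(IP|UDP)->(\w+):\s*(\d+)\s*$", line.strip())
        if "of data dump" in line:
            in_dump = "Begin" in line  # the "End" marker switches the dump off
        elif in_dump and line.strip():
            payload += dump_line(line)
        elif m:
            fields[f"{m[1]}.{m[2]}"] = int(m[3])
    return fields, payload

def length_problems(f, payload):
    """Header lengths that disagree with each other or with the dump (UDP case)."""
    checks = {"IP tot_len": f["IP.tot_len"] == f["IP.ihl"] * 4 + f["UDP.ulen"],
              "dump size": len(payload) == f["UDP.ulen"] - 8}  # 8-byte UDP header
    return [name for name, ok in checks.items() if not ok]
```

On the sample the checks pass: 20 bytes of IP header plus a UDP length of 140 gives the total length of 160, and the dump holds the remaining 132 payload bytes, an SSDP M-SEARCH discovery request.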
This archive was generated by hypermail 2b30 : Tue Nov 26 2002 - 09:13:44 PST