Wireshark v1.11.3 - The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.11.3

New and Updated Features

The following features are new (or have been significantly updated) since version 1.11.1:

• Qt port:
  • The About dialog has been added
  • The Capture Interfaces dialog has been added.
  • The Decode As dialog has been added. It managed to swallow up the User Specified Decodes dialog as well.
  • The Export PDU dialog has been added.
  • Several SCTP dialogs have been added.
  • The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added.
  • The I/O Graph dialog has been added.
  • French translation has updated.

The following features are new (or have been significantly updated) since version 1.11.1:

• Mac OS X packaging has been improved.

The following features are new (or have been significantly updated) since version 1.11.0:

• Dissector output may be encoded as UTF-8. This includes TShark output.
• Qt port:
  • The Follow Stream dialog now supports packet and TCP stream selection.
  • A Flow Graph (sequence diagram) dialog has been added.
  • The main window now respects geometry preferences.

The following features are new (or have been significantly updated) since version 1.10:

• Wireshark now uses the Qt application framework. The new UI should provide a significantly better user experience, particularly on Mac OS X and Windows.
• The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
• Expert information is now filterable when the new API is in use.
• The “Number” column shows related packets and protocol conversation spans (Qt only).
• When manipulating packets with editcap using the -C <choplen> and/or -s <snaplen> options, it is now possible to also adjust the original frame length using the -L option.
• You can now pass the -C <choplen> option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
• You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
• “malformed” display filter has been renamed to “_ws.malformed”. A handful of other filters have been given the “_ws.” prefix to note they are Wireshark application specific filters and not dissector filters.

Download Wireshark v1.11.3

WhoIsConnectedSniffer - Network discovery tool that listens to network packets on your network

WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver (WinpCap or MS network monitor) and accumulates a list of computer and devices currently connected to your network. WhoIsConnectedSniffer uses various protocols to detect the computers connected to your network, including ARP, UDP, DHCP, mDNS, and BROWSER.

For every detected computer or device, the following information is displayed: (Some of the fields might be empty if the information cannot be found inside the packets) IP Address, MAC Address, name of the device/computer, description, Operating System, Network Adapter Company, IPv6 Address.

After collecting the connected computers/devices information, you can easily export the list to tab-delimited/comma-delimited/xml/html file.

Protocols supported by WhoIsConnectedSniffer

• ARP:WhoIsConnectedSniffer listens to this protocol to get the IP address and MAC address of computers and devices.
• UDP:When a computer broadcasts a UDP packet to all other computers, WhoIsConnectedSniffer extracts from it the IP address and the MAC address.
• DHCP:When a computer connects to the network, it usually sends a DHCP request. WhoIsConnectedSniffer uses this request to get the host name and IP address of the computer.
• mDNS:This protocol is used on Linux and Mac OS systems. WhoIsConnectedSniffer uses it to get the host name and IP address of the computer, and also the operating system (on Linux)
• BROWSER:This protocol is mainly used by Windows, but some Linux systems supports this protocol too. WhoIsConnectedSniffer uses it to get the name of the computer, description text of the computer, and the operating system. 

Download WhoIsConnectedSniffer

KisMAC - Free Sniffer/Scanner application for Mac OS X

KisMAC is an open-source and free sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning.

KisMAC supports many third party USB devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187 chipsets. All of the internal AirPort hardware is supported for scanning.

The rest of this wiki assumes you are prepared for advanced topics and know what you are doing with your system.

Features

• Reveals hidden / cloaked / closed SSIDs
• Shows logged in clients (with MAC Addresses, IP addresses and signal strengths)
• Mapping and GPS support
• Can draw area maps of network coverage
• PCAP import and export
• Support for 802.11b/g
• Different attacks against encrypted networks
• Deauthentication attacks
• AppleScript-able
• Kismet drone support (capture from a Kismet drone)

Supported hardware chipsets

• Apple AirPort and AirPort Extreme (dependent upon Apple's drivers)
• Intersil Prism 2, 2.5, 3 USB devices
• Ralink rt2570 and rt73 USB devices
• Realtek RTL8187L USB (such as the Alfa AWUS036H, which does not work on Mac OS 10.6.7 or later)

Crypto support

• Bruteforce attacks against LEAP, WPA and WEP
• Weak scheduling attack against WEP
• Newsham 21-bit attack against WEP 

Download KisMAC

SmartSniff - Capture TCP/IP packets on your network adapter

SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP.) or as hex dump. (for non-text base protocols, like DNS)

SmartSniff provides 3 methods for capturing TCP/IP packets :

1. Raw Sockets (Only for Windows 2000/XP or greater): Allows you to capture TCP/IP packets on your network without installing a capture driver. This method has some limitations and problems.
2. WinPcap Capture Driver: Allows you to capture TCP/IP packets on all Windows operating systems. (Windows 98/ME/NT/2000/XP/2003/Vista) In order to use it, you have to download and install WinPcap Capture Driver from this Web site. (WinPcap is a free open-source capture driver.) 
   This method is generally the preferred way to capture TCP/IP packets with SmartSniff, and it works better than the Raw Sockets method.
3. Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003): Microsoft provides a free capture driver under Windows 2000/XP/2003 that can be used by SmartSniff, but this driver is not installed by default, and you have to manually install it, by using one of the following options:
   • Option 1: Install it from the CD-ROM of Windows 2000/XP according to the instructions in Microsoft Web site
   • Option 2 (XP Only) : Download and install the Windows XP Service Pack 2 Support Tools. One of the tools in this package is netcap.exe. When you run this tool in the first time, the Network Monitor Driver will automatically be installed on your system.
4. Microsoft Network Monitor Driver 3: Microsoft provides a new version of Microsoft Network Monitor driver (3.x) that is also supported under Windows 7/Vista/2008. Starting from version 1.60, SmartSniff can use this driver to capture the network traffic. 
   The new version of Microsoft Network Monitor (3.x) is available to download from Microsoft Web site. 
   Notice:If WinPcap is installed on your system, and you want to use the Microsoft Network Monitor Driver method, it's recommended to run SmartSniff with /NoCapDriver, because the Microsoft Network Monitor Driver may not work properly when WinPcap is loaded too.   

Download SmartSniff

Passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup

A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics.

PassiveDNS sniffes traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers in-memory, limiting the amount of data in the logfile without loosing the essens in the DNS answer.

Example output from version 1.0.0->Current in the log file (/var/log/passivedns.log):

#timestamp||dns-client ||dns-server||RR class||Query||Query Type||Answer||TTL||Count
1322849924.408856||10.1.1.1||8.8.8.8||IN||upload.youtube.com.||A||74.125.43.117||46587||5
1322849924.408857||10.1.1.1||8.8.8.8||IN||upload.youtube.com.||A||74.125.43.116||420509||5
1322849924.408858||10.1.1.1||8.8.8.8||IN||www.adobe.com.||CNAME||www.wip4.adobe.com.||43200||8
1322849924.408859||10.1.1.1||8.8.8.8||IN||www.adobe.com.||A||193.104.215.61||43200||8
1322849924.408860||10.1.1.1||8.8.8.8||IN||i1.ytimg.com.||CNAME||ytimg.l.google.com.||43200||3
1322849924.408861||10.1.1.1||8.8.8.8||IN||clients1.google.com.||A||173.194.32.3||43200||2

Download Passivedns

DNSQuerySniffer - DNS Queries Sniffer

DNSQuerySniffer is a network sniffer utility that shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records. 

You can easily export the DNS queries information to csv/tab-delimited/xml/html file, or copy the DNS queries to the clipboard, and then paste them into Excel or other spreadsheet application.

Download DNSQuerySniffer

[Mail Password Sniffer] Email Password Recovery and Sniffing Software

Mail Password Sniffer is the free Email Password Sniffing and Recovery Software to recover mail account passwords passing through the network.

It automatically detects the Email authentication packets passing through network and decodes the passwords for all Mail Protocols including POP3, IMAP, SMTP.

It can recover mail account passwords from all the Email applications such as Outlook, Thunderbird, Foxmail etc. For each recovered Email Account, it displays Email Protocol, Server IP Address, Port, Username & Password.

This tool will give best results in following scenarios,

• Run it on Gateway System where all of your network's traffic pass through.
• In MITM Attack, run it on middle system to capture Email Passwords from target system.
• On Multi-user System, run it under Administrator account to silently capture Email passwords for all the users.

It includes Installer which installs the Winpcap, network capture driver required for sniffing. For Windows 8, first you have to manually install Winpcap driver (in Windows 7 Compatibility mode) and then run our installer to install only 'Mail Password Sniffer'

It works on both 32-bit & 64-bit platforms starting from Windows XP to Windows 8.

Download Mail Password Sniffer v2.0

[Intercepter-ng] Sniffer de Red con SSLstrip para Android

Intercepter-NG es una aplicación que nos permitirá capturas el tráfico de datos en la red local a la que estemos conectados. Esta herramienta tiene la funcionalidad de analizador de protocolos al más puro estilo Wireshark aunque con muchísimas menos opciones. Con Intercepter-ng podremos ver cookies de las diferentes conexiones que se realicen así como realizar ataques contra SSL con SSLStrip.

En RedesZone tenéis un completo manual de utilización de SSLstrip y cómo funciona exactamente para “descifrar” el tráfico SSL. La aplicación tiene varias pestañas para elegir el objetivo, iniciar el analizador de paquetes y ver todo el tráfico en detalle y también las cookies de las páginas web que la víctima ha visitado.

Lo primero que debemos hacer con esta aplicación es pulsar en el radar para escanear los posibles objetivos, una vez seleccionado el objetivo nos movemos por las pestañas para ir viendo las diferentes opciones que nos brinda esta aplicación.

Alguna de las utilidades es que nos permite recuperar la contraseña y los archivos que se transmitan en la red que estamos analizando.

Los requisitos que necesita esta aplicación son los siguientes:

• Android 2.3.3 o superior
• Ser root
• Tener instalado Busybox

Fuente

Download Intercepter-ng

[Password Sniffer Spy v2.0] Tool to Sniff and Capture HTTP/FTP/POP3/SMTP/IMAP Passwords

Password Sniffer Spy is the all-in-one Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network.

It automatically detects the login packets on network for various protocols and instantly decodes the passwords. Here is the list of supported protocols,

• HTTP (BASIC authentication)
• FTP
• POP3
• IMAP
• SMTP

In addition to recovering your own lost passwords, you can use this tool in following scenarios,

• Run it on Gateway System where all of your network's traffic pass through.
• In MITM Attack, run it on middle system to capture the Passwords from target system.
• On Multi-user System, run it under Administrator account to silently capture passwords for all the users.
  

It includes Installer which installs the Winpcap, network capture driver required for sniffing. For Windows 8, first you have to manually install Winpcap driver (in Windows 7 Compatibility mode) and then run our installer to install only Password Sniffer Spy.

Download Password Sniffer Spy v2.0