RE: Command line network sniffing tools on NT/W2K

From: Zwan-van-der.Erwin (Erwin.Zwan-van-der@siemens.nl)
Date: 12/11/01


From: "Zwan-van-der.Erwin" <Erwin.Zwan-van-der@siemens.nl>
To: "'Slighter, Tim'" <tslighter@itc.nrcs.usda.gov>, pen-test@securityfocus.com
Date: Tue, 11 Dec 2001 11:53:03 +0100

Thanks so far for all the received answers.

I tested windump and winpcap of course. They work as advertised. Only the
command line installation still needs to be tested. I receive some errors
that the network adapter cannot be found when just copying the required
files. Also, it might be quite cumbersome to analyse the results in larger
environments. Same goes for the search for dual homed systems. Most tools
generate nice output but do not tell immediately which systems are dual
homed. Even SolarWinds (great tool, especially when SNMP is enabled) can
just be queried to show only dual homed systems in a large environment. If
you have remote registry access, LANGuard is doing a great job, but same
problem to pick out all the dual homed systems quickly. You have to go
manually through each analysed system's details.

I also got some unofficial answer from Foundstone. FSniff is not released as
of yet.

WinVNC is nice but as with all the remote control stuff... you notice it on
the remote target host.

Erwin

In terms of sniffing, your first step might be to pick up the WinPcap.

http://netgroup-serv.polito.it/winpcap/install/default.htm

There are various sniffing utilities out there and I have worked with most
all of them. If you are looking for raw packet dump with TCPDump
functionality, I would highly recommend Ethereal for Win32.

http://www.ethereal.com/distribution/win32/

-----Original Message-----
From: H Carvey [mailto:keydet89@yahoo.com]
Sent: Friday, December 07, 2001 2:21 PM
To: pen-test@securityfocus.com
Subject: Re: Command line network sniffing tools on NT/W2K

In-Reply-To: <2FAEA868F23AD411AFD10000D11ED33E04686D18@hagb037a.siemens.nl>

>I am missing some good tools in my toolbox. In particular I am looking for
>command line:

Just a thought...if you have remote command line,
why not install WinVNC...you can install it and
launch it from the command line.

>- network sniffing tools (both general ones like windump and password
>sniffing ones)

Winpcap installs pretty easily...

>- methods to find multi homed systems fast in a large LAN/WAN environment

If you've got remote Registry access, it's not
hard. Also, if SNMP happens to be installed... ;-)

> Is Fsniff already out?

What did you find when you went by the FoundStone
site?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
