ngSniff 1.1 (NGSEC's penetration Test sniffer)
From: Fermín J. Serna (fjserna@ngsec.com)
Date: 11/24/02
- Previous message: Joe Luna: "Terminal Server brute force"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 24 Nov 2002 20:30:55 +0000 (GMT) From: Fermín J. Serna <fjserna@ngsec.com> To: pen-test@securityfocus.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Pen-Testers:
Some time ago, NGSEC released a command line sniffer for win2k or higher
(no packet driver requeired). It was developed for penetration tests once
you have access for a cmd.exe shell.
Download it at:
http://www.ngsec.com/ngresearch/ngtools/
Succesfully we got lot of feedback, and so we were forced to improve it
with your ideas/coments.
CHANGELOG for 1.1:
- ------------------
- - Better command line options parsing.
- - Command line options (--help, --list-interfaces, --interface, ...)
- - File logging (--file <file>)
- - Display packet from only one host (--only-host)
- - Minor bugs fixed.
Hope it would be useful :P
Here is a sample output (again):
C:\ngsec\ngsniff>ngsniff --interface 0 --file sniffer.log
ngSniff v1.1 by NGSEC Research Team <labs@ngsec.com>
FREEWARE command line sniffer
Next Generation Security Technologies
http://www.ngsec.com
Logging to sniffer.log...
Sniffing...
IP HEADER 192.168.1.1 -> 192.168.1.254
--------------------------------------
IP->version: 4
IP->ihl: 5
IP->tos: 0
IP->tot_len: 160
IP->id: 12800
IP->frag_off: 0
IP->ttl: 128
IP->protocol: 17
IP->checksum: 52013
UDP HEADER
----------
UDP->sport: 1028
UDP->dport: 1900
UDP->ulen: 140
UDP->checksum: 26754
----- Begin of data dump -----
4d 2d 53 45 41 52 43 48 20 2a 20 48 54 54 50 2f M-SEARCH * HTTP/
31 2e 31 0d 0a 48 4f 53 54 3a 20 32 33 39 2e 32 1.1..HOST: 239.2
35 35 2e 32 35 35 2e 32 35 30 3a 31 39 30 30 0d 55.255.250:1900.
0a 4d 41 4e 3a 20 22 73 73 64 70 3a 64 69 73 63 .MAN: "ssdp:disc
6f 76 65 72 22 0d 0a 4d 58 3a 20 33 0d 0a 53 54 over"..MX: 3..ST
3a 20 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 : urn:schemas-up
6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 np-org:service:W
41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 ANIPConnection:1
0d 0a 0d 0a ....
----- End of data dump -----
^C
C:\ngsec\ngsniff>
Fermín J. Serna
Chief Technology Officer
Next Generation Security Technologies
http://www.ngsec.com
NGSecureWeb: Protect your webserver against known & unknown attacks
http://www.ngsec.com/ngproducts/ngsw/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6
iD8DBQE94TcIjqrDERN0jroRAmRjAJ9g7h0QkdCx9YwAsZtIJHbuhB8qcgCfcX/W
vCw/Psd5UyHdJBrxDVB8BNo=
=Lo0E
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Next message: Ofir Arkin: "Paper Release: Security Risk Factors with IP Telephony based Networks"
- Previous message: Joe Luna: "Terminal Server brute force"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
