Sniffing Tools

There are many tools available for sniffing a network, and each has its own features to help a hacker analyze traffic and dissect the captured information. Sniffing tools are extremely common applications. Some of the more interesting ones are listed here:

Sniffing Tool: Wireshark

  • It lets you capture and interactively browse the traffic running on a computer network.
  • Wireshark uses WinPcap to capture packets, so it can only capture packets on the networks supported by WinPcap.
  • It captures live network traffic from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI networks.
  • Captured files can be programmatically edited via command-line.
  • A set of filters for customized data display can be refined using a display filter.

Follow TCP Stream in Wireshark

  • Follow TCP Stream reassembles TCP data so that it is seen the same way the application layer sees it. Use this tool to find passwords in a Telnet session or to make sense of a data stream.

Display Filters in Wireshark

  • Display filters are used to change the view of packets in the captured files.
  • Display filtering by protocol:
    • Example: type the protocol name in the filter box, e.g. arp, http, tcp, udp, dns, ip
  • Monitoring specific ports:
    • tcp.port==23
    • ip.addr==[machine IP] && tcp.port==23
  • Filtering by Multiple IP Addresses:
    • ip.addr== or ip.addr==
  • Filtering by IP Address:
    • ip.addr==
  • Other Filters:
    • ip.dst== && frame.pkt_len>400
    • ip.addr== && icmp && frame.number > 15 && frame.number < 30
    • ip.src== or ip.dst==

Additional Wireshark Filters

  • Displays all TCP resets:
    • tcp.flags.reset==1
  • Set a filter for the HEX values of 0x33 0x27 0x58 at any offset:
    • udp contains 33:27:58
  • Displays all HTTP GET requests:
    • http.request
  • Displays all retransmissions in the trace:
    • tcp.analysis.retransmission
  • Displays all TCP packets that contain the word ‘traffic’:
    • tcp contains traffic
  • Masks out arp, icmp, dns, or other protocols and allows you to view only the traffic of your interest:
    • !(arp or icmp or dns)
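As an added example (not code from the original page or from the Wireshark project), the following Python script implements a small evaluator for the display-filter subset used in the lists above, so the behaviour of filters such as ip.addr matching either end of a conversation, tcp.port matching either port, contains with text or hex bytes, bare protocol or field names, and !(arp or icmp or dns) can be observed against constructed sample frames. The frame dicts, the tokenizer and the two-way aliases for ip.addr and tcp.port are assumptions of this example, not Wireshark internals.

```python
import operator, re

_TOKEN = re.compile(r"\s*(\(|\)|&&|\|\||==|!=|>=|<=|>|<|!|[^\s()!&|<>=]+)")  # parens, operators, bare words
_OPS = {"==": "eq", "eq": "eq", "!=": "ne", ">": "gt", "<": "lt", ">=": "ge", "<=": "le", "contains": None}
_ALIAS = {"ip.addr": ("ip.src", "ip.dst"), "tcp.port": ("tcp.srcport", "tcp.dstport")}  # either direction

def matches(expr, pkt):  # parse expr (precedence: or < and < not < comparison) and test one frame
    toks, pos = _TOKEN.findall(expr) + [None], [0]
    def take(): pos[0] += 1; return toks[pos[0] - 1]
    def p_or():
        result = p_and()
        while toks[pos[0]] in ("or", "||"): take(); result = p_and() or result
        return result
    def p_and():
        result = p_not()
        while toks[pos[0]] in ("and", "&&"): take(); result = p_not() and result
        return result
    def p_not():
        if toks[pos[0]] in ("!", "not"): take(); return not p_not()
        if toks[pos[0]] == "(":
            take(); result = p_or()
            if take() != ")": raise ValueError("missing ')'")
            return result
        field = take()
        if toks[pos[0]] not in _OPS:  # bare name is a presence test: protocol (icmp) or field (http.request)
            return field in pkt["protocols"] or field in pkt
        op, raw = take(), take()      # right-hand side: hex bytes 33:27:58 (IPv6 not handled), number, or word
        value = bytes.fromhex(raw.replace(":", "")) if ":" in raw else int(raw) if raw.isdigit() else raw
        if op == "contains":          # text or hex bytes anywhere in that layer's payload
            needle = value if isinstance(value, bytes) else str(value).encode()
            return field in pkt["protocols"] and needle in pkt.get("payload", b"")
        values = [pkt[f] for f in _ALIAS.get(field, (field,)) if f in pkt]
        return any(getattr(operator, _OPS[op])(v, value) for v in values if type(v) is type(value))
    result = p_or()
    if toks[pos[0]] is not None: raise ValueError("unexpected token %r" % toks[pos[0]])
    return result

PACKETS = [  # constructed sample frames standing in for decoded capture data (not a real capture)
    {"frame.number": 1, "frame.pkt_len": 74, "protocols": {"eth", "ip", "tcp", "telnet"}, "ip.src": "10.0.0.5",
     "ip.dst": "10.0.0.9", "tcp.srcport": 51000, "tcp.dstport": 23, "tcp.flags.reset": 0, "payload": b"login: admin"},
    {"frame.number": 2, "frame.pkt_len": 54, "protocols": {"eth", "ip", "tcp"}, "ip.src": "10.0.0.9",
     "ip.dst": "10.0.0.5", "tcp.srcport": 23, "tcp.dstport": 51000, "tcp.flags.reset": 1, "payload": b""},
    {"frame.number": 3, "frame.pkt_len": 512, "protocols": {"eth", "ip", "tcp", "http"}, "ip.src": "10.0.0.7",
     "ip.dst": "198.51.100.20", "tcp.srcport": 40000, "tcp.dstport": 80, "http.request": True, "payload": b"GET /traffic"},
    {"frame.number": 4, "frame.pkt_len": 90, "protocols": {"eth", "ip", "udp", "dns"}, "ip.src": "10.0.0.7",
     "ip.dst": "10.0.0.1", "udp.srcport": 5353, "udp.dstport": 53, "payload": bytes.fromhex("33275801")}]

def matching_frames(expr, packets=PACKETS):  # frame numbers that the display filter would leave visible
    return [p["frame.number"] for p in packets if matches(expr, p)]
```

Call matching_frames("ip.addr==10.0.0.5 && tcp.port==23") to see both directions of the Telnet conversation kept, and matching_frames("!(arp or icmp or dns)") to see the DNS frame masked out.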

Sniffing Tool: SteelCentral Packet Analyzer

  • SteelCentral Packet Analyzer provides a graphical console for high-speed packet analysis.

Sniffing Tool: Tcpdump/Windump

  • TCPdump is a command-line packet sniffer which runs on Linux and Windows.
  • TCPDump: Runs on Linux and UNIX systems
  • WinDump: Runs on Windows systems

Packet Sniffing Tool: Capsa Network Analyzer

  • Capsa Network Analyzer captures all data transmitted over the network and provides a wide range of analysis statistics in an intuitive and graphic way.

Network Packet Analyzer: OmniPeek Network Analyzer

  • OmniPeek sniffer displays a Google Map in the OmniPeek capture window showing the locations of all the public IP addresses of captured packets.
  • This feature is a great way to monitor the network in real time and to see where in the world the traffic is coming from.

Network Packet Analyzer: Observer

  • Observer provides a comprehensive drill-down into network traffic, with back-in-time analysis, reporting, trending, alarms, application tools, and route monitoring capabilities.

Network Packet Analyzer: Sniff-O-Matic

  • Sniff-O-Matic is a network protocol analyzer and packet sniffer that captures network traffic and enables you to analyze the data.

TCP/IP Packet Crafter: Colasoft Packet Builder

  • Colasoft Packet Builder allows the user to select one of the provided templates (Ethernet Packet, ARP Packet, IP Packet, TCP Packet and UDP Packet) and change its parameters in the decode editor, hexadecimal editor, or ASCII editor to create a packet.

Network Packet Analyzer: RSA NetWitness Investigator

  • RSA NetWitness Investigator captures live traffic and processes packet files from virtually any existing network collection device.

Additional Sniffing Tools

Packet Sniffing Tools for Mobile: Wi.cap. Network Sniffer Pro and FaceNiff

  • Wi.cap. Network Sniffer Pro: mobile network packet sniffer for rooted ARM Android devices.
  • FaceNiff: an Android app that allows you to sniff and intercept web session profiles over Wi-Fi.
