LIBNET APPLICATIONS (last updated 01.30.2001)

dsniff

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.


snort

Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.


angst

Angst is an active sniffer, based on libpcap and libnet. It dumps into a file the payload of all the TCP packets received on the specified ports. It implements two methods for active sniffing. Angst is able to monitor ARP requests, and after enabling IP forwarding on the local host, it sends ARP replies mapping all IPs to the local MAC address. Also, it can flood the local network with random MAC addresses (like macof v1.1 by Ian Vitek), causing switches to send packets to all ports.


firewalk

Firewalking is a technqiue developed by Mike Schiffman and David Goldsmith that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters. The techinque is useful in network audits to determine the filter rules in place on a packet forwarding device.


fragrouter

Part of an intrusion detection evasion testsuite. Implements almost all of the attacks outlined in the 1998 SNI IDS paper.


divine

Divine is a utility for laptop users or people who use their machines in different networks all the time. It is meant to be run from the PCMCIA network initialization scripts.


ISIC

ISIC (IP Stack Intergrity Checker) is intended to test the integrity of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.) It does this by generating controlled random packets and observing the results.


Couic

Couic has been designed to enforce a security policy on an internal network : it listens to everything and shoots. Couic shuts the TCP connections down with RST packets and tries to disrupts UDP transfers with ICMP "host unreachable / bad port" answers.


tracerx

Tracerx is an updated and revamped extensible backward compatable traceroute replacement. The pinnacle of traceroute technology that Jeremy and Mike will never finish.



Back