Penetration Testing mailing list archives

RE: Command line network sniffing tools on NT/W2K

From: "Zwan-van-der.Erwin" <Erwin.Zwan-van-der () siemens nl>
Date: Tue, 11 Dec 2001 11:53:03 +0100

Thanks so far for all the received answers.

I tested windump and winpcap of course. They work as advertised. Only the
command line installation still needs to be tested. I receive some errors
that the network adapter can not be found when just copying the required
files. Also might it be quit cumbersome to analyse the results in larger
environments. Same goes with search for dual homed systems. Most tools
generate nice output but do not tell immediately which systems are dual
homed. Even SolarWinds (create tool, especially when SNMP is enabled) can
just be queried to show only dual homed systems in a large environment.) If
you have remote registry access LANGuard is doing a great job but same
problem to pick out all the dual homed systems quickly. You have to go
manually through each analysed system details.

I also got some unofficial answer from Foundstone. FSniff is not released as
of yet.

WinVNC is nice but as with all the remote control stuff,... you notice it on
the remote target host.

Erwin


In terms of sniffing, your first step might be to pick up the WinPcap. 

http://netgroup-serv.polito.it/winpcap/install/default.htm

 There are various sniffing utilities out there and have worked with most
all of them.  If you are looking for raw packet dump with TCPDump
functionality, I would highly recommend Ethereal for Win32.  

http://www.ethereal.com/distribution/win32/

-----Original Message-----
From: H Carvey [mailto:keydet89 () yahoo com]
Sent: Friday, December 07, 2001 2:21 PM
To: pen-test () securityfocus com
Subject: Re: Command line network sniffing tools on NT/W2K



In-Reply-To: <2FAEA868F23AD411AFD10000D11ED33E04686D18 () hagb037a siemens nl>

I am missing some good tools in my toolbox. In

particular I am looking for

command line:


Just a thought...if you have remote command line,
why not install WinVNC...you can install it and
launch it from the command line.

- network sniffing tools (both general ones like

windump and password sniffing ones)

Winpcap installs pretty easily...

- methods to find multi homed systems fast in a

large LAN/WAN environment

If you've got remote Registry access, it's not
hard.  Also, if SNMP happens to be installed...  ;-)

Is Fsniff already out?


What did you find when you went by the FoundStone
site?


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Command line network sniffing tools on NT/W2K Zwan-van-der.Erwin (Dec 06)
- Re: Command line network sniffing tools on NT/W2K Erik Parker (Dec 10)
- Re: Command line network sniffing tools on NT/W2K andreas junestam (Dec 10)
- <Possible follow-ups>
- Re: Command line network sniffing tools on NT/W2K H Carvey (Dec 10)
- RE: Command line network sniffing tools on NT/W2K Slighter, Tim (Dec 10)
- RE: Command line network sniffing tools on NT/W2K Zwan-van-der.Erwin (Dec 11)