[ sniffers ]

Anger
by Aleph One

This program implements: a) a PPTP challenge/response sniffer, whose captured challenge/response pairs can be input into L0phtcrack to obtain the password, and b) an active attack on PPTP logons via the MS-CHAP vulnerability to obtain the user's password hashes. Notice that this also generates the password hashes of the new password the user wanted to use. These can be input into L0phtcrack to get the password, into a modified smbclient to log on to an SMB server, or into a modified PPP client for use with the Linux PPTP client.

Arpwatch
by LBL Network Research Group

Arpwatch is a tool that monitors Ethernet activity and keeps a database of Ethernet/IP address pairings. It also reports certain changes via email. Arpwatch uses libpcap, a system-independent interface for user-level packet capture. Before building tcpdump, you must first retrieve and build libpcap, also from LBL, in: ftp://ftp.ee.lbl.gov/libpcap-*.tar.Z.

Bandmin
by J. Nick Koston (BlueDraco)

Bandmin is a simple set of Perl scripts designed to record and log IP accounting data. It can also display the data that it collects in a set of HTML pages. Bandmin currently has support for ipchains, UserIPAcct, ipfwadm, ipf, and ipfw.

COLD
by Giuliano C. Peritore
< http://www.panservice.it/cold/ >

COLD is a network sniffer and a protocol analyzer. It is distributed freely, so its usage is free and the package is freely available. A sniffer is a network monitoring and protocol analyzing tool that lets you study, maintain and troubleshoot networks by extracting data as it flows over the network and printing out its content and structure. COLD has been developed for troubleshooting, educational and commercial purposes only.

Epan
by Peter Tobias
< http://www.et-inf.fho-emden.de/~tobias/epan/ >

EPAN is a protocol analyzer for ethernet networks. The program allows you to display the received frames either in an overview mode or in a frame detail mode. It is also possible to create a few statistics (frame size distribution, utilization or protocol statistics). For more detailed statistics EPAN offers to use an external program like gnuplot to evaluate the collected data. Data acquisition is done by a separate program called edump (similar to an RMON probe). This program can capture data from the following devices:

Ethereal
by Gerald Combs <gerald@zing.org>
< http://ethereal.zing.org >

Ethereal is a network protocol analyzer for Unix. It allows you to examine data from a live network, or from a capture file on disk. One of the goals of the project is to have an application that is similar in functionality to Network Associates' NetXRay or the AG Group's EtherPeek. Although these are both excellent products, neither of them runs under Unix.

exdump
by PolarRoot
< http://exscan.netpedia.net/exdump.html >

Exdump is a packet watcher, dumper, and logger. TCP, UDP, and ICMP packets that pass the computer on which exdump runs are logged. Exdump allows output to be directed to the console or to a user-defined file.

Gnusniff
by Peter Hawkins
< http://www.ozemail.com.au/~peterhawkins/gnusniff.html >

Gnusniff is a GTK-based, GNOME-aware sniffer that was written using libpcap.

IPgrab
by Mike Borella
< http://www.xnet.com/~cathmike/MSB/Software/ >

IPgrab is a packet sniffing tool, based on the Berkeley packet capture library, that prints complete data-link, network and transport layer header information for all packets it sees.

ippl
by Hugo Haas and Etienne Bernard
< http://www.via.ecp.fr/~hugo/ippl/ >

ippl is a daemon which logs IP packets sent to a computer. It runs in the background, and displays information about the incoming packets. Criteria can be used to specify which packets should be logged and which packets should be ignored.
