Index of Packet Sniffers
BUTTsniff093 Sep 2 16:37:09 1999 512
antisniff Sep 9 14:03:58 1999 512
buttsniffer Sep 2 16:37:34 1999 512
Analyzer.exe Aug 16 17:13:56 1999 3837440 Analyzer is a fully configurable public domain protocol analyzer for Windows 9x/NT. It features a graphical interface, an analysis engine and a capture program. By Piero Viano. Note: To capture packets you must install a device driver before the Analyzer installation. Device drivers: NT, Win9x. If you don't have MSIE 4.x or 5.0 installed, then you'll need hhupd.exe (461k), which contains the requisite Microsoft HTML extensions.
BUTTSniff-0.9.1.zip Aug 16 17:13:46 1999 175625 see above
BUTTSniff-0.9.1a.zip Aug 16 17:13:45 1999 176344 see above
BUTTSniff-0.9.2.zip Aug 16 17:13:46 1999 164231 BUTTSniff v0.9.2: Upgraded to work with Windows NT! Also added IP and port filtering for direct disk dump. By dildog.
BUTTSniff-0.9.3.zip Aug 16 17:13:50 1999 131405
BUTTSniff.dll Aug 16 17:13:45 1999 262656 BUTTSniff plugin for Back Orifice.
BUTTSniff.exe Aug 16 17:13:45 1999 261632 BUTTSniff Standalone version.
BUTTSniff.zip Aug 16 17:13:45 1999 168889 BUTTSniff v0.90 - BUTTSniffer is a packet sniffer and network monitor for Win95 and Win98. It works as a standalone executable, and as a plugin for Back Orifice. Features TCP Connection monitoring, Password sniffing, Packet filtering, Multiple interface support, Interactive mode. For Win95/98 only.
FrontPage.txt Oct 25 17:25:12 1999 14885
Net-RawIP-0.03.tar.g..> Aug 16 17:13:51 1999 20188 See above. This is final v0.30 release.
Net-RawIP-0.03b.tar...> Aug 16 17:13:50 1999 14951 Net-RawIP v0.03b - Perl module that can be used to manipulate raw ip packets and ethernet headers, similar to libpcap and libnet. By Sergey V. Kolychev.
Net-RawIP-0.03c.tar...> Aug 16 17:13:50 1999 15617 Perl module that can be used to manipulate raw ip packets and ethernet headers, similar to libpcap and libnet. By Sergey V. Kolychev.
Net-RawIP-0.03d.tar...> Aug 16 17:13:50 1999 15472 See above for description.
Net-RawIP-0.03e.tar...> Aug 16 17:13:50 1999 15528 See above for description.
Net-RawIP-0.03f.tar...> Aug 16 17:13:50 1999 15702 See above for description.
Net-RawIP-0.04.tar.g..> Aug 16 17:13:51 1999 20413 Perl module that can be used to manipulate raw ip packets and ethernet headers, similar to libpcap and libnet. By Sergey V. Kolychev.
Net-RawIP-0.04a.tar...> Aug 16 17:13:51 1999 20536 See description above.
Net-RawIP-0.04b.tar...> Aug 16 17:13:51 1999 20745 See description above.
Net-RawIP-0.04e.tar...> Aug 16 17:13:51 1999 22712 See description above.
Net-RawIP-0.05.tar.g..> Aug 16 17:13:51 1999 23850 Perl module that can be used to manipulate raw ip packets and ethernet headers, similar to libpcap and libnet. This release is ported to Perl 5.005 and *BSD, has numerous bugfixes, implements the function called "linkoffset", has a _real_ traceroute script, oshare script (kills Win98 dead), and more. 23k. By Sergey V. Kolychev.
Net-RawIP-0.05a.tar...> Aug 16 17:13:51 1999 26297 See description above.
Net-RawIP-0.05b.tar...> Aug 16 17:13:51 1999 26447 See description above.
Net-RawIP-0.05c.tar...> Aug 16 17:13:52 1999 27069 See description above.
Net-RawIP-0.05d.tar...> Aug 16 17:13:52 1999 27947 See description above.
Net-RawIP-0.05e.tar...> Aug 16 17:13:52 1999 28424 See description above.
Net-RawIP-0.05f.tar...> Aug 16 17:13:52 1999 28486 See description above.
Net-RawIP-0.06.tar.g..> Aug 16 17:13:52 1999 30034 See description above.
Net-RawIP-0.06a.tar...> Aug 16 17:13:52 1999 29987 Perl module that can be used to manipulate raw ip packets and ethernet headers, similar to libpcap and libnet. This release is ported to Perl 5.005 and *BSD, has numerous bugfixes, implements the function called "linkoffset", has a _real_ traceroute script, oshare script (kills Win98 dead), uses the ifaddrlist function which returns all up network devices with their ip addresses, uses the rdev function which returns the name of the outgoing device for the given destination, code improved for FreeBSD, OpenBSD, NetBSD, BSDI, and more. With these new functions it is possible to write scripts which don't require any modification. By Sergey V. Kolychev.
Net-RawIP-0.06b.tar...> Aug 16 17:13:52 1999 30075 See description above.
Net-RawIP-0.06c.tar...> Aug 16 17:13:52 1999 30279 See description above.
Net-RawIP-0.06d.tar...> Aug 16 17:13:52 1999 30385 Net::RawIP 0.06d is a Perl extension for easy manipulation of raw IP packets with an interface to libpcap. This package provides a class object which can be used for creating, manipulating and sending raw IP packets and optional manipulation of ethernet headers. Changes: Added the possibility to send arbitrary ethernet frames; file descriptors are now correctly closed when the object is destroyed. By Sergey V. Kolychev.
Net-RawIP-0.06e.tar...> Aug 16 17:13:57 1999 30447 See description above. Changes: bugfix release.
Net-RawIP-0.09.tar.g..> Oct 21 15:38:13 1999 31931 Net::RawIP is a Perl extension for easy manipulation of raw IP packets with an interface to libpcap. This package provides a class object which can be used for creating, manipulating and sending raw IP packets and optional manipulation of ethernet headers. Changes: Bugfixes, non-integer sleep delays. By Sergey V. Kolychev.
NetPacket-0.01.readm..> Aug 16 17:13:57 1999 1450
NetPacket-0.01.tar.g..> Aug 16 17:13:57 1999 8940 NetPacket::* 0.01 - The NetPacket::* bundle of modules disassemble network packets into a Perl hash for various Internet protocols. There are hooks for assembly of packets, but they have not been implemented in this version. At present, decoding for the following protocols has been implemented: Ethernet, ARP, ICMP, IGMP, IP, UDP, TCP. Changes: Initial version. NetPacket-0.01.readme. By Tim Potter.
Packet95.exe Oct 21 14:50:54 1999 45568 Network capture driver required for use with WinDump: TCPdump for Windows 95/98. WARNING: WinDump 2.01 comes with a new device driver that is NOT compatible with the old one. Users of an older version of WinDump need to uninstall the old driver and install the new one in order to run WinDump 2.01. This is the new one. By Piero Viano.
PacketNT.exe Oct 21 14:51:15 1999 48128 Network capture driver required for use with WinDump: TCPdump for Windows NT. WARNING: WinDump 2.01 comes with a new device driver that is NOT compatible with the old one. Users of an older version of WinDump need to uninstall the old driver and install the new one in order to run WinDump 2.01. This is the new one. By Piero Viano.
Sn00py.c Aug 16 17:13:45 1999 11797 IRIX packet sniffer.
Sniffer2.txt Aug 16 17:13:44 1999 15056 Packet Sniffer Construction, Part II - The second installment of the "Packet Sniffer Construction" series of whitepapers by Chad Renfro. Includes good code and excellent, detailed descriptions.
Sniffer_construction..> Aug 16 17:13:52 1999 20577 Basic Packet-Sniffer Construction from the Ground Up - This is a detailed whitepaper on how to construct a working packet-sniffer in ANSI C. Excellent work, very detailed, a "must-read" for everybody. By Chad Renfro.
Tcp-Listen-1.5.tar.g..> Aug 16 17:13:49 1999 10518 Tcp Listen is a TCP/UDP/ICMP/IP packet reporter based on tcpdump. Tcp Listen will report in one terminal line all the important data from any incoming packet.
WinDump.exe Oct 21 14:55:53 1999 196608 WinDump: TCPdump for Windows NT - Version 2.01 - TCPdump is a network capture program developed by Network Research Group (NRG) of the Information and Computing Sciences Division (ICSD) at Lawrence Berkeley National Laboratory (LBNL) in Berkeley, California. Originally available only on UNIX platform, this is a port to Windows NT 4.0. It consists of an executable (the windump main program) with a network capture driver. By Piero Viano.
WinDump95.exe Aug 16 17:13:53 1999 147141 WinDump: TCPdump for Windows 95/98 - TCPdump is a network capture program developed by Network Research Group (NRG) of the Information and Computing Sciences Division (ICSD) at Lawrence Berkeley National Laboratory (LBNL) in Berkeley, California. Originally available only on UNIX platform, this is a port to Windows 95/98. It consists of an executable (the windump main program) with a network capture driver. By Piero Viano.
analyzer.exe Aug 16 17:13:54 1999 596164 Hoppa Protocol Packet Analyzer - Packet Analyzer for Windows NT. Takes snapshots of ethernet traffic; adjustable buffer and filter; output written to file and screen. By Hoppa.
anger.tar.gz Aug 16 17:13:44 1999 9417 PPTP Challenge/Response Sniffer & Active Attack Addon for L0phtCrack. By Aleph One. Basically, it actively attacks PPTP logon via the MS-CHAP password change protocol version 1 to obtain the LANMAN and NT password hashes. Note that once you get the password hashes, you don't even need to crack the passwords to log on to an SMB server or PPTP server. There is currently no patch from Microsoft to protect against this.
arpwatch-2.1a4.tar.Z Aug 16 17:13:52 1999 145205
cold-1.0.10.tgz Aug 16 17:13:50 1999 85478 COLD v1.0.10 - A network sniffer and protocol analyzer with support for lots of devices and protocols. COLD web site.
cold-1.0.9.tgz Aug 16 17:13:44 1999 84153 cold v1.0.9 - A network sniffer with support for lots of devices and protocols.
epan_1.3.1-1.tar.gz Aug 16 17:13:44 1999 395029 EPAN v1.3.1-1 - EPAN is a protocol analyzer for ethernet networks. By Peter Tobias.
esniff.c Sep 9 13:41:34 1999 12482
ethereal-0.4.1.tar.g..> Aug 16 17:13:45 1999 170137 Ethereal v0.4.1 - Latest release of Ethereal network protocol analyzer for Unix. web site.
ethereal-0.5.0.tar.g..> Aug 16 17:13:46 1999 227335 A network protocol analyzer. Examine and capture a wide variety of packet data from live networks. This version includes initial release of the wiretap library that replaces libpcap. Interfaces and packet types supported: ARP/RARP, BOOTP/DHCP, DNS, Ethernet, ICMP, IGMP, IP/TCP/UDP, IPX, LPR/LPD, OSPF, PPP, RIP, Token Ring, AppleTalk, and many others. Nice GTK GUI. This is another Packet Storm Security 5-star favorite. web site.
ethereal-0.5.1.tar.g..> Aug 16 17:13:50 1999 237592 Ethereal v0.5.1 - A network protocol analyzer. Examine and capture a wide variety of packet data from live networks. This version includes initial release of the wiretap library that replaces libpcap. Interfaces and packet types supported: ARP/RARP, BOOTP/DHCP, DNS, Ethernet, ICMP, IGMP, IP/TCP/UDP, IPX, LPR/LPD, OSPF, PPP, RIP, Token Ring, AppleTalk, and many others. Nice GTK GUI. web site.
ethereal-0.6.0.tar.g..> Aug 16 17:13:53 1999 319783 Ethereal 0.6.0 - Ethereal is a network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial quality analyzer for Unix. Changes: New protocols include IPv6, IPsec, FTP, TFTP, POP, Telnet, NNTP, and NetBIOS Sessions. Bugs were fixed, and internally the code was changed to be less dependent on gtk. Wiretap now provides very limited offline filtering. In addition, it can now read Network Monitor, NetXRay, and Sniffer Pro trace files. By Gerald Combs.
ethereal-0.6.1.tar.g..> Aug 16 17:13:53 1999 329919 Ethereal 0.6.1 - Ethereal is a network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial quality analyzer for Unix. Changes: Fix for packaging problem in v0.6.0; Information about building on Tru64 included. By Gerald Combs.
ethereal-0.6.2.tar.g..> Aug 16 17:13:56 1999 358138 Ethereal 0.6.2 - Ethereal is a network protocol analyzer that lets you capture and interactively browse the contents of network frames. Utilizing the excellent "wiretap" library that replaces libpcap, Ethereal now can examine and capture a very wide range of interfaces and packet types, including: ARP/RARP, BOOTP/DHCP, DNS, Ethernet, ICMP, IGMP, IP/TCP/UDP, IPX, LPR/LPD, OSPF, PPP, RIP, Token Ring, AppleTalk, and many others. The goal of the project is to create a commercial quality analyzer for Unix. Changes: A new "almost-real-time" capture and display mechanism was added. Initial support for SMB and SNMP decoding has been added, although the SMB decoding will be more useful in the future when Ethereal can de-fragment TCP transmissions. Wiretap can now read NetMon 2.0 files. By Gerald Combs.
ethereal-0.7.5.tar.g..> Sep 24 18:58:29 1999 554819 Ethereal is a network protocol analyzer for Unix. It allows you to examine data from a live network, or from a capture file on disk. One of the goals of the project is to have an application that is similar in functionality to Network Associates' NetXRay or the AG Group's EtherPeek. Although these are both excellent products, neither of them runs under Unix.
ethereal-0.7.6.tar.g..> Oct 22 12:47:37 1999 637699 Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Changes: New protocol decoders include BPDU, SNA, RIPng, PIM, Yahoo Messenger and Pager Protocol, NTP, BGP, AFS and RX, and VLAN (802.1q). Many more protocols now have fields that are filterable via Ethereal's display filter engine, the syntax for filtering on byte strings has been extended, protocol decoders that have been updated include IPv6, SMB, OSPF, POP, NBNS, and DNS, the TCP Follow window can now convert from EBCDIC, Ethereal can now read HP-UX's nettl trace-file format and some bugs were fixed as well. Homepage here. By Gerald Combs.
ethereal-0.7.7.tar.g..> Oct 28 12:09:07 1999 653377 Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Changes: Segfaults in IP and SNA were fixed, as were asserts produced from building with a non-GNU make. Ethereal will now compile on AIX, and it should find libraries better with its newly-tweaked autoconf script. Also, an ICQ decoder was added, and NTP was modified a bit. Homepage here. By Gerald Combs.
ethereal-0.7.8.tar.g..> Nov 24 11:26:21 1999 745571 Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Changes: Many new protocol decoders were added in this version. They are: RPC, NFS, IGRP, EIGRP, IMAP, LAPD, Q.931, bootparams, ypserv, mount, stat, MAPI, NLM, SAP, ILMI, SSCOP, Q.2931, VRRP, HSRP, and Auto-RP. New features include: AIX and IBM C compiler fixes, "Print" button in TCP Follow window, "Find Frame" function, "Go to frame" function, "Match selected" produces display filters with field names, Display filter "Reset" button, More filterable fields, IPv4 address comparison and subnet testing in display filters, IPX packet summary resolves IPX network names and MAC addresses, SNA packets show hex dump with EBCDIC converted to ASCII, Support for newer libpcaps, and broken RH 6.1 libpcap, Wiretap support for Toshiba ISDN router traces, and Wiretap support for ATM iptrace files. Homepage here. By Gerald Combs.
ethereal-0.7.9.tar.g..> Nov 29 15:47:19 1999 767348 Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers. Changes: A fix for the SMB decoder segfault bug and other protocol decoder updates, support for iptrace 1.0 (AIX3) files, better support for NetMon 2.0 and WAN NAI Sniffer traces, some GUI updates, and color-coded transmitted/received data in the TCP Follow window. Homepage here. By Gerald Combs.
ethereal-patch-0.6.1..> Aug 16 17:13:53 1999 14859 Ethereal 0.6.1 patch. By Gerald Combs.
ethereal-patch-0.6.2..> Aug 16 17:13:57 1999 95286 Patch to upgrade to Ethereal v0.6.2 from v0.6.1. By Gerald Combs.
etherload20.zip Aug 16 17:13:49 1999 197127 Etherload20 - no sources included, great sniffer for DOS, works on a packet driver for your NIC, which you have to provide yourself.
etherspy.zip Aug 16 17:13:49 1999 348558 A sniffer based on the packet32, sources included, visual C++.
exdump-0.1.tar.gz Aug 16 17:13:52 1999 3832 exdump v1.0 is a packet watcher, dumper, and logger. TCP packets that pass a computer which exdump resides on and runs on are logged. exdump allows output to be directed to the console or to a user-defined file. exdump also has an option to only display packets which are sent to a specified port. exdump can also show you the data which was in the packet. By PolarRoot.
exdump-0.2.tar.gz Aug 16 17:13:52 1999 22648 exdump 0.2 - exdump is a packet watcher, dumper, and logger. TCP, UDP, and ICMP packets which pass a computer which exdump resides on and runs on are logged. exdump allows output to be directed to the console or to a user-defined file. exdump also has an option to only display packets which are sent to a specified port. exdump can also show you the data which was in the packet. Changes: Many changes including support for UDP and ICMP packets (besides TCP), support for BSD-type operating systems, and a better/easier installation routine. By PolarRoot.
fergie.zip Aug 16 17:13:46 1999 186065 A DOS based packet sniffer.
gdd13.c Oct 17 04:35:09 1999 19947 Ethernet Packet Sniffer 'GreedyDog' Version 1.30. The Shadow Penguin Security. Written by Unyun.
gnusniff-0.0.5.tar.b..> Aug 16 17:13:50 1999 159877 GnuSniff v0.0.5 - GnuSniff is a network packet sniffer. It aims to be the best looking, easiest to use, and most powerful packet sniffer existing under Linux. This is currently at an alpha stage. It sniffs packets, and the interface is vaguely in place. Help would be very much appreciated with development and design issues. GnuSniff understands Ethernet frames, IPX, IPv4, ICMPv4, TCP, UDP and DNS. Contact the author, Peter Hawkins, to get involved.
gnusniff-0.0.6.tar.b..> Aug 16 17:13:51 1999 784336 See description above.
gobbler.zip Aug 16 17:13:46 1999 118934 Packet sniffer.
hhupd.exe Aug 16 17:13:56 1999 471840 The requisite Microsoft HTML extensions for use with Analyzer.exe (needed only if you do NOT have MSIE 4.x or 5.0 installed).
hunt-1.0.tgz Aug 16 17:13:34 1999 65688 Hunt is a tool for exploiting well known weaknesses in TCP/IP protocol. Use primarily to hijack connections, but has many other features. By Pavel Krauz.
hunt-1.1.tgz Aug 16 17:13:34 1999 66700 See above for description.
hunt-1.2.tgz Aug 16 17:13:34 1999 72336 Hunt is a program for intruding into a connection, watching it and resetting it. Hunt operates on Ethernet and is best used for connections which can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports. Hunt doesn't distinguish between local network connections and connections going to/from Internet. It can handle all connections it sees. Connection hijacking is aimed primarily at the telnet or rlogin traffic but it can be used for other traffic too. Features: connection management (watching, spoofing, detecting, hijacking, resetting), daemons (resetting, arp spoof/relayer daemon, MAC discovery daemon for collecting MAC addresses, sniff daemon for logging TCP traffic), host resolving, packet engine (TCP, UDP, ICMP and ARP traffic; collecting TCP connections with sequence numbers and the ACK storm detection), switched environment (hosts on switched ports can be spoofed, sniffed and hijacked too). This latest release includes lots of debugging and fixes in order to get the hunt running against hosts on switched ports, timejobs, dropping IP fragments, verbose status bar, options, new connection indicator, various fixes. By Pavel Krauz.
hunt-1.3.tgz Aug 16 17:13:34 1999 73432 Hunt is a program for intruding into a connection, watching it and resetting it. Hunt operates on Ethernets and is best used for connections which can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports. Hunt doesn't distinguish between local network connections and connections going to/from Internet. It can handle all connections it sees. Connection hijacking is aimed primarily at the telnet or rlogin traffic but it can be used for other traffic too. Features: Connection Management - setting what connections you are interested in, detecting an ongoing connection (not only SYN started), Normal active hijacking with the detection of the ACK storm, ARP spoofed/Normal hijacking with the detection of successful ARP spoof, synchronization of the true client with the server after hijacking (so that the connection doesn't have to be reset), resetting connection, watching connection; Daemons - reset daemon for automatic connection resetting, arp spoof/relayer daemon for arp spoofing of hosts with the ability to relay all packets from spoofed hosts, MAC discovery daemon for collecting MAC addresses, sniff daemon for logging TCP traffic with the ability to search for a particular string; Host Resolving - deferred host resolving through dedicated DNS helper servers; Packet Engine - extensible packet engine for watching TCP, UDP, ICMP and ARP traffic, collecting TCP connections with sequence numbers and the ACK storm detection; Switched Environment - hosts on switched ports can be spoofed, sniffed and hijacked too; much, much more. Just get it now! New Features and Changes in this release: Sendmsg and ENOBUFS in net.c, Locking bug in ARP relayer causing ARP relayer to lookup fixed, Locking bug (as was shown in ARP relayer) in sniffer fixed, Line mode in hijacking - useful when hijacking connections other than telnet or rlogin, synchhijack fixed for read/write==0. Requires glibc 2.0.7 or more recent, and linuxthreads. By Pavel Krauz.
hunt-1.4.tgz Oct 13 10:28:02 1999 98498 Hunt is a program for intruding into a connection, watching it and resetting it. (source code package). It has several features, which I didn't find in any product like Juggernaut or T-sight that inspired me in my development. Note that hunt is operating on Ethernet and is best used for connections which can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports. The hunt doesn't distinguish between local network connections and connections going to/from Internet. It can handle all connections it sees. Changes from 1.3: eth tap relay - transproxy support without my eth mac spoofing, support for spoofing range of IP addresses, relaying packets in arp-relayer that are sent from/to routers, support for arp-spoof of hosts that are currently down, tpserv/tpserv.c transproxy testing program tpsetup/transproxy script for setting transproxy support mode. By Pavel Krauz.
hunt-1.4bin.tgz Oct 13 10:28:02 1999 231787 Hunt is a program for intruding into a connection, watching it and resetting it. (linux binary distribution). It has several features, which I didn't find in any product like Juggernaut or T-sight that inspired me in my development. Note that hunt is operating on Ethernet and is best used for connections which can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports. The hunt doesn't distinguish between local network connections and connections going to/from Internet. It can handle all connections it sees. Changes from 1.3: eth tap relay - transproxy support without my eth mac spoofing, support for spoofing range of IP addresses, relaying packets in arp-relayer that are sent from/to routers, support for arp-spoof of hosts that are currently down, tpserv/tpserv.c transproxy testing program tpsetup/transproxy script for setting transproxy support mode. By Pavel Krauz.
ipaudit-0.9.tgz Nov 22 10:19:39 1999 21850 ipaudit listens to a network link using promiscuous mode and gathers statistics on network usage. For every combination of host pair, port pair and protocol, it counts bytes and packets in both directions. After a fixed interval (30 minutes for example) ipaudit can be signaled (via kill command) to output its results. The text output can be processed into reports but the raw data can also be useful identifying heavy bandwidth consumers, intrusive telnet sessions, denial of service attacks, etc. There is also an option (like tcpdump) to save raw packets to specific ports for detailed subsequent analysis with packages such as tcpdump or ethereal. Homepage here. By Jon Rifkin
ipgrab-0.6.tar.gz Aug 16 17:13:46 1999 64594 A packet sniffing tool, based on the Berkeley packet capture library, that prints complete data-link, network and transport layer header information for all packets it sees. By Mike Borella.
ipgrab-0.7.tar.gz Aug 16 17:13:52 1999 71123 ipgrab is a packet sniffing tool, based on the Berkeley packet capture library, that prints complete data-link, network and transport layer header information for all packets it sees. Specifically, this program reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. By Mike Borella, Advanced Technologies Research Center, 3Com.
ippacket-2.1.tar.gz Aug 16 17:13:53 1999 31540 ippacket 2.1 - ippacket is a command line/curses utility to construct IP/TCP/UDP/ICMP packets on a Linux system. Changes: Redid curses interface, worked out some Makefile issues. By Sean Harney.
karpski-0.101.tgz Aug 16 17:13:44 1999 145268 K-Arp-Ski v0.101 - Latest release of K-Arp-Ski network mapper, misuse detector, and sniffer. Includes threaded DNS queries, bugfixes. Gtk interface. 145k. By Brian Costello.
libpcap-0.4.tar.Z Aug 16 17:13:50 1999 209551 Packet-capturing library. Tcpdump uses this. By Lawrence Berkeley National Laboratory.
libpcap-0.4a6.tar.bz..> Aug 16 17:13:50 1999 100182 See above.
libpcap.tar.Z Aug 16 17:13:50 1999 209551 See above.
linsniff666.c Aug 16 17:13:44 1999 6861
ndump.tgz Nov 15 18:14:03 1999 3479 NDump is a collection of Perl programs to log and parse incoming packets. It is very unique in that it is one of the only loggers to log machine level information as well. Homepage here. By H1kari
netpeek-0.0.3.tar.gz Nov 24 12:07:08 1999 263348 NetPeek is a GUI-based network monitoring and diagnosis tool. It captures packets from the local network and displays them to the user in two forms: a short one-line description similar to that produced by tcpdump, and a long form that displays the contents of all fields within the packets in full. Homepage here. By Rhys Weatherley
netpeek-0.0.4.tar.gz Dec 2 12:19:57 1999 299157 NetPeek is a GUI-based network monitoring and diagnosis tool. It captures packets from the local network and displays them to the user in two forms: a short one-line description similar to that produced by tcpdump, and a long form that displays the contents of all fields within the packets in full. NetPeek also includes some useful network analysis tools similar to ping, hostname lookup, netstat, rpcinfo, and ifconfig. Changes: A fix for a nasty DNS hang problem in the previous release, farming out of DNS lookups on IP addresses to a separate process so that they don't interfere with packet capture and display, display of ethernet card vendor names next to the ethernet address, a more extensive list of recognized ethernet types in the header, addition of simple text-based packet formatting rules for telnet, FTP (control connection only), SMTP, NNTP, POP, IMAP, Gopher, and finger, some basic IPv6 work, and a number of other small cosmetic changes. Homepage here. By Rhys Weatherley
netwatch.0.8f.src.tg..> Aug 16 17:13:56 1999 116932 See above. Changes: bugfix for Netwatch Configuration File, Time Fix for Display of Statistics.
netwatch.0.8g.src.tg..> Aug 16 17:13:56 1999 116956 See above. Changes: config file bugfixes.
netwatch.0.9a.src.tg..> Aug 16 17:13:56 1999 118948 See above. Changes: Config file fixes, freeze display feature (continued monitoring for remote access), Periodic automated logging (i.e. 10:00AM each day, with cleaning).
netwatch.0.9b.src.tg..> Aug 16 17:13:57 1999 216940 See above. Changes: PPP line support (specify ppp device instead of ethernet), statistics fixed for burst info (disabled while in freeze mode).
netwatch.0.9c.src.tg..> Aug 16 17:13:57 1999 119635 See above. Changes: bugfix release. By Gordon MacKay.
netwatch.0.9d.src.tg..> Aug 16 17:13:57 1999 123310 See above. Changes: fixed a couple problems with core dumps.
netwatch0.8a.src.tar..> Aug 16 17:13:45 1999 293200 Netwatch v0.8a - ncurses-based ethernet sniffer and monitoring tool. Similar to Statnet, but with nicer graphics and more features.
netwatch0.8e.src.tgz Aug 16 17:13:52 1999 116553 NETWATCH v0.8e monitors ethernets for hosts, packet counts, protocols and displays in ncurses format with colors indicating hosts activity (Red current / Yellow > 1min / Green > 5min / Blue > 30min), provides an ethernet "top" program for isolating high bandwidth hosts, allows selection of individual hosts (Remote or Local) and monitors the transmissions, provides Router statistics using passive monitoring (rather than querying the router box itself), much more. By Gordon MacKay.
netxmon_0.6.tgz Aug 16 17:13:50 1999 166273 NetXMon v0.6 is a session-based network sniffer with an X interface, and is based on ttywatcher. For Linux and Solaris. By Zhang Qianli.
ngrep-1.35-static-li..> Oct 25 15:06:58 1999 175968 Static linux binary for ngrep 1.35.
ngrep-1.35.tar.gz Oct 25 15:06:58 1999 90466 ngrep is an awesomely powerful network tool which strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. Changes: An updated udp match optimization, -v (version) is now -V, and -v has become inverted match, -d lo (null linktype) and the ability to match proto icmp have been added, along with an updated configure.in to handle old installations of pcap more gracefully. Homepage here. By no carrier.
nstreams-0.99.3.tar...> Oct 20 11:45:51 1999 59286 nstreams is a program that analyzes the network streams occurring on a network and prints them in a human readable form. This is useful when you want to set up a firewall but do not know your needs/the needs of your customers. nstreams can read tcpdump output files or directly listen on a given interface, and may even produce ipchains (Linux) or ipfw (BSD) firewall rules instead of printing the streams, letting you build your firewall automagically. Homepage here. By Renaud Deraison.
nstreams-1.0.0.tar.g..> Nov 12 08:38:54 1999 58184 nstreams is a program that analyzes the network streams occurring on a network and prints them in a human readable form. This is useful when you want to set up a firewall but do not know your needs/the needs of your customers. nstreams can read tcpdump output files or directly listen on a given interface, and may even produce ipchains (Linux) or ipfw (BSD) firewall rules instead of printing the streams, letting you build your firewall automagically. Homepage here. By Renaud Deraison.
packet32.zip Aug 16 17:13:49 1999 139412 packetdriver source code (32bit) from Christopher Chlap, for those who want to code their own Windows 95/98/NT sniffers.
pasmon-0.5.tar.gz Nov 2 10:24:42 1999 146035 Pasmon is a graphical passive network monitor. It provides statistics on every host and TCP connection heard on the specified interface[s], probes the system to find valid devices and provides a toolbar button which activates monitoring each device. Currently stable, but with missing features. Screenshot here. Homepage here. By Andrae Muys
pasmon.jpg Nov 2 12:33:34 1999 63339
pcapture-0.2.1.tar.Z Aug 16 17:13:51 1999 85191 pcapture is a tool for capturing packets from the network. 83k. By Lawrence Berkeley National Laboratory.
pptp-sniff.tar.gz Aug 16 17:13:44 1999 11705 PPTP Sniffer for L0phtCrack. This will sniff PPTP authentication and output the challenge and password hashes just like our readsmb sniffer that comes with the l0phtcrack distribution. This only works with Solaris right now. Read Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP) for further info.
pptp.html Aug 16 17:13:45 1999 3176
promisc.c Aug 16 17:13:44 1999 2733
py-libpcap-22Feb99-0..> Aug 16 17:13:49 1999 57705 This is a Python module that interfaces to libpcap, the UNIX packet capture library. This can be used for many purposes including network debugging, traffic analysis, intrusion detection. The packet capture uses libpcap but allows you to specify a Python function as the handler. By
readsmb.c Aug 16 17:13:44 1999 9735 An implementation of the SMB sniffer that comes with l0phtcrack for UNIX.
readsmb2.c Aug 16 17:13:45 1999 9728 Improved SMB sniffer for use with l0phtcrack 2.0. By Basement Research.
screenshot04.gif Nov 8 11:06:49 1999 30137
sniffer-analysis.htm Aug 16 17:13:44 1999 14313
sniffing-faq.html Oct 18 12:02:43 1999 113880 Excellent FAQ on packet sniffing. By Robert Graham
sniffit-FAQ.html Aug 16 17:13:44 1999 4282
sniffit.0.3.5.p1.tar Aug 16 17:13:44 1999 10240
sniffit.0.3.7.beta.t..> Aug 16 17:13:44 1999 212419
snmpsniff-0.6b.tar.g..> Aug 16 17:13:44 1999 248153 SNMP Sniffer - promiscuously listen on your network segment (or LAN), decode and print all the information that goes inside any SNMPv1 and SNMPv2 (Community Based) PDU. By Nuno Leitão.
snmpsniff-0.8b.tar.g..> Aug 16 17:13:44 1999 34546 SNMP promiscuous packet sniffer/decoder.
snmpsniff-1.0.tar.gz Aug 16 17:13:53 1999 44510 SNMP Sniff v1.0 allows you to decode any SNMPv[1,2]c packets that go through your network. It shows just about everything you need to know about the PDU, including errors, variable bindings, etc. It's a must as a sidekick for network management platforms. SNMP Sniff runs on Solaris and Linux. Other extra features are Community, PDU type, and OID filtering of packets and a simple Perl Curses user interface. By Nuno Leitao.
snoop.c Aug 16 17:13:45 1999 9283 a quick IRIX sniffer, by morpheus.
snoop.zip Aug 16 17:13:49 1999 61571 Famous old DOS sniffer.
snoop2.c Aug 16 17:13:53 1999 11881 Sn00py.c is a quick and dirty packet sniffer for SGI IRIX. This latest release of the super lightweight packet sniffer incorporates a 'depromiscuator' function to avoid setting off the IFF_PROMISC flag. By morpheus.
snort-0.96.tar.gz Aug 16 17:13:50 1999 54662 Snort is a libpcap-based sniffer/packet logger. It's fairly portable and tested on Solaris 2.5.1 (Sparc), Solaris 2.6 (x86), Linux, and FreeBSD. By Martin Roesch.
snort-0.97.tar.gz Aug 16 17:13:51 1999 55205 Snort v0.97 - packet logger - This program reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS, debugging network code. By Martin Roesch.
snort-0.98.tar.gz Aug 16 17:13:51 1999 63963 Snort v0.98 - packet logger - This program reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS, debugging network code. It now supports rules based logging and tracks conversations better. By Martin Roesch.
snort-0.99.tar.gz Aug 16 17:13:51 1999 67442 Snort v0.99 - packet logger - This program reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS, debugging network code. It now supports rules based logging and tracks conversations better, incorporates content based logging and automatic rules sorting. 66k. By Martin Roesch.
snort-0.99b1.tar.gz Aug 16 17:13:52 1999 68489 Snort v0.99b1 is a packet logger that reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS, debugging network code. It now supports rules based logging and tracks conversations better, incorporates content based logging and automatic rules sorting, includes lots of bugfixes, and has improved ICMP filenames. By Martin Roesch.
snort-0.99b2.tar.gz Aug 16 17:13:52 1999 70749 Snort v0.99b2 is an extremely versatile packet logger. This version features dramatic speed improvements, a more logically laid out packet header print out, packet statistics, fragment detection, and more complete IP header decoding. One of the few "5 Star, Must Have!" programs around. By Martin Roesch.
snort-0.99b3.tar.gz Aug 16 17:13:52 1999 71308 See descriptions above. Improved timestamping (down to the millisecond) implemented in this version.
snort-0.99rc3.tar.gz Aug 16 17:13:52 1999 75469 Snort v0.99rc3 is an extremely versatile packet logger. This version features dramatic speed improvements, a more logically laid out packet header print out, packet statistics, fragment detection, and more complete IP header decoding. Improved timestamping (down to the millisecond) implemented. This release has TCP and IP option decoding, and some new rules stuff. You can now specify port ranges (or greater than/less than) and TCP flags in rules. This allows you to do things like this: alert tcp any any -> 192.168.1.0/24 :1024 {SF} <SYN FIN scan on priv ports!> which will alert on all TCP traffic below port 1024 on both SRC and DST IP or this: alert tcp any any -> 192.168.1.0/24 6000:6010 <X access attempt!> which will pick out inbound traffic going to ports 6000 thru 6010. Also includes bugfixes, cleaned up fragment printout routines, truncated packet fragments get dumped in their own file, rules processor routine recoded and more flexible, much more. Several important bugfixes in this release, plus recoded IP/TCP option decoding, revised packet printout routines, and now logs illegal TCP and IP options as well in an IP_BOGUS log file. By Martin Roesch.
snort-0.99rc5-lib Aug 16 17:13:52 1999 3482 snort-0.99rc5-lib is a set of example Snort rules. It's a short one, about 43 rules total, but it gives a good overview of the basic rule types and how to use the pattern matcher properly. This version of snort-lib includes a new buffer overflow (named) and some other stuff. By Martin Roesch.
snort-0.99rc5.tar.gz Aug 16 17:13:52 1999 77438 Snort v0.99rc5 is an extremely versatile packet logger. This version features dramatic speed improvements, due to improved Boyer-Moore pattern match routine optimizations, a more logically laid out packet header print out, packet statistics, fragment detection, more complete IP header decoding, a new command line switch ("-e") to display/log the Ethernet header, plus TOS field and IP Fragment ID field display/logging. Improved timestamping (down to the millisecond) implemented. This release also has TCP and IP option decoding, and lots of new rules. You can now specify port ranges (or greater than/less than) and TCP flags in rules. This allows you to do things like this: alert tcp any any -> 192.168.1.0/24 :1024 {SF} <SYN FIN scan on priv ports!> which will alert on all TCP traffic below port 1024 on both SRC and DST IP or this: alert tcp any any -> 192.168.1.0/24 6000:6010 <X access attempt!> which will pick out inbound traffic going to ports 6000 thru 6010. Also includes bugfixes, cleaned up fragment printout routines, truncated packet fragments get dumped in their own file, rules processor routine recoded and more flexible, much more. Several important bugfixes in this release, plus recoded IP/TCP option decoding, revised packet printout routines, and now logs illegal TCP and IP options as well in an IP_BOGUS log file. By Martin Roesch.
snort-0.99rc6-lib Aug 16 17:13:50 1999 5039 snort-0.99rc6-lib is a set of example Snort rules. It's short, but gives a good overview of the basic rule types and how to use the pattern matcher properly. This version of snort-lib includes a lot of new stuff. By Martin Roesch.
snort-0.99rc6.tar.gz Aug 16 17:13:51 1999 80950 Snort v0.99rc6 is an extremely versatile packet logger. This version of Snort has a new rules set implementation. The new set is more flexible and easier to add new user requested rule types to from a programmatic standpoint. It also includes new rule types to be able to detect TTL values and ICMP type/codes. Rc6 also has a completely rewritten, unified reporting system, so the output is consistent across all output file types (logs/alerts/fragments/etc). By Martin Roesch.
snort-1.0-lib Aug 16 17:13:51 1999 5234 snort-1.0-lib is a set of example Snort rules. It's short, but gives a good overview of the basic rule types and how to use the pattern matcher properly. This version of snort-lib includes a lot of new stuff. By Martin Roesch.
snort-1.0.1-lib Aug 16 17:13:56 1999 12165 This snort-lib ruleset for the latest version of snort has over 150 rules. By Martin Roesch.
snort-1.0.1-lib-prop Aug 16 17:13:57 1999 15969
snort-1.0.1.tar.gz Aug 16 17:13:56 1999 84225 Snort 1.0.1 - Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging which can perform content searching/matching and may be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog or a separate "alert" file. Changes: Lots of little bug fixes, plus resolved some issues on big endian hardware, fixed some bugs under Solaris to make the system compile cleanly "out of the box". Also added HP-UX and S/Linux support, new command line switch "-x" to explicitly turn on IPX decoding (such as it is) as a sanity measure for people in mixed protocol environments and added packet summary statistics upon exit. By Martin Roesch.
snort-1.0.1.tar.gz-p..> Aug 16 17:13:57 1999 85814
snort-1.0.tar.gz Aug 16 17:13:52 1999 81049 Snort is a libpcap-based packet sniffer/logger. It reads and decodes packets from the link layer through the application layer, dumping the decoded packet data. It can log these packets in their decoded form to directories which are generated based upon the IP address of the remote computer. This allows it to be used as a sort of "poor man's intrusion detection system" if you specify what traffic you want to record and what to let pass. Changes: Added RAW/PPP and SLIP decoding, new command line option to change the order in which the rules are applied for the rules based logging subsystem and there is also a new option to send the alert messages to syslog. By Martin Roesch.
snort-1.3.1.tar.gz Oct 13 10:28:02 1999 111999 Version 1.3.1 of Snort, the lightweight network intrusion detection system. Version 1.3.1 fixes an annoying crash bug, plus enhances a number of features of the program. Invalid ICMP types/codes can now be filtered or monitored, the tcpdump file playback facility can use BPF filters, and the packet payload size check keyword now accepts greater than/less than modifiers. By Martin Roesch
snort-1.3.tar.gz Sep 27 14:12:56 1999 110832 Snort 1.3, the lightweight network intrusion detection system. This version has a number of new features, including four new command line switches, three new rule options, two new rule operators, performance enhancements, and bug fixes. The official Snort homepage is here.
snort-lib Aug 16 17:13:51 1999 3833 snort-lib is a set of example Snort rules. It's a short one, about 43 rules total, but it gives a good overview of the basic rule types and how to use the pattern matcher properly. By Martin Roesch.
snort-stat.pl Dec 3 13:16:52 1999 5643 snort-stat.pl does statistical analysis on snort logfiles. It's set up to process the syslog alerts that Snort creates and generate a bunch of relevant statistics about the current alerts. If you read the beginning of the script, it tells you how to activate the program as a cron job to provide daily reports of activity recorded by Snort. By Yen-Ming Chen
snortlog.pl Dec 3 13:13:37 1999 1682 snortlog.pl is a Perl script which looks up the hostnames of machines mentioned in a snort IDS alert and outputs the relevant information in a nice list. By Angelos Karageorgiou
solsniff.c Aug 16 17:13:44 1999 19596
sources.zip Aug 16 17:13:48 1999 3435035 Complete C/C++ source code for the Windows 95/98/NT ports of TcpSlice, TcpDump, PacketNT, Packet95, libpcap, and Analyzer. By Piero Viano.
spy-3.1.22-Linux-2.x..> Oct 20 11:18:01 1999 1046584 SPY is a LAN Protocol Analyzer running on UNIX platforms. It has a built-in interface to capture LAN traffic via a network interface. This capture facility supports Ethernet, FDDI, SLIP/CSLIP, PPP and PLIP. SPY also provides a so called User Capture Interface (UCI), where own programs can feed SPY with their packets. Of course, captured data can be stored to files in binary format for later analysis. The capture facility provides prefilters on the MAC and IP layer (this does not mean, that SPY only supports IP networks). i386 version. Homepage here. By Christian Lorenz.
spynet206.exe Nov 8 20:58:49 1999 1997251 SpyNet v2.06 is a sniffer for Win 95 / Win 98 which can recompose the original TCP sessions from the composing packets. Reconstructs telnet sessions, e-mail messages, POP3 logins, etc. Also has the ability to fake cookies it sniffs. Screenshot here. Homepage here. By Nicula Laurentiu
ss-1.3.tgz Nov 29 16:37:57 1999 797002 Super Sniffer is a combination of esniff.c and tcpdump. It also supports a plethora of other options including DES encryption on log files, user monitoring, forwarding logs regularly to a secondary host, and NFS file handle sniffing. It uses the libpcap and GNU regular expression pattern-matching libraries. Super Sniffer will incorporate in-kernel filtering using the Berkeley Packet Filter (bpf) on hosts that provide it. This allows network sniffing on busy networks with much fewer packet drops. Super Sniffer is meant to be an all-in-one sniffer, combining all the features of the scores of architecture-specific sniffers around, and it will compile and sniff on virtually anything. Homepage here. By Ajax
suck.c Aug 16 17:13:49 1999 1172 Sample for very simple sniffer. By CyberPsychotic.
tcpdump-3_4a5_tar.gz Aug 16 17:13:49 1999 187298 Sniffer for Linux.
tcpflow-0.10.tar.gz Aug 16 17:13:52 1999 50240 tcpflow 0.10 - tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. tcpflow understands TCP sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery. Each stream is stored in a separate file for later analysis. tcpflow is portable to virtually all UNIX platforms due to its use of GNU autoconf and the portable LBL packet capture library. Initial public release. By Jeremy Elson.
tcpflow-0.11.tar.gz Aug 16 17:13:52 1999 51958 tcpflow 0.11 - tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. tcpflow understands TCP sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery. Each stream is stored in a separate file for later analysis. tcpflow is portable to virtually all UNIX platforms due to its use of GNU autoconf and the portable LBL packet capture library. Changes: Better portability, numerous bugfixes and code optimizations. By Jeremy Elson.
tcpflow-0.12.tar.gz Aug 16 17:13:51 1999 69611 tcpflow 0.12 - tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. tcpflow understands TCP sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery. Each stream is stored in a separate file for later analysis. tcpflow is designed to be portable, using the LBL packet capture library and GNU autoconf. It works under most UNIX platforms and for most common network interface types (ethernet, PPP, loopback, etc.). Changes: Capturing using the Linux loopback interface now works and more portability fixes (IRIX, Linux libc5, non-GCC compilers). By Jeremy Elson.
tcpslice-1.1a3.tar.Z Aug 16 17:13:51 1999 96447 tcpslice is a tool for extracting portions of packet trace files generated using tcpdump's -w flag. 94k. By Lawrence Berkeley National Laboratory.
tcptrace_tar.gz Aug 16 17:13:49 1999 1011455 Tcptrace - analyzer for tcpdump logfiles.
tgk-log-2.2.tar.gz Aug 16 17:13:50 1999 19865 tgk-log 2.2 - A remade version of linsniffer, no longer recording just contents of a packet but some additional information. Designed to be used for logging the traffic through a ipmasq gateway. More TCP, UDP, ICMP support, and code optimization with this release. By The c5 Project.
tgk-log-2.3.tar.gz Aug 16 17:13:51 1999 19835 tgk-log 2.3 - A remade version of linsniffer, no longer recording just contents of a packet but some additional information. Designed to be used for logging the traffic through a ipmasq gateway. More TCP, UDP, ICMP support, date bug fixed, correctly logs a ip-masq gateway with 2.2.x kernel, and code optimization with this release. 19k. By The c5 Project.
tgk-log.tar.gz Aug 16 17:13:50 1999 4035 tgk-log 2.1 - A remade version of linsniffer, no longer recording just contents of a packet but some additional information. Designed to be used for logging the traffic through a ipmasq gateway. UDP & ICMP support, and code optimization with this release. By The c5 Project.
thewesp-1.0pre3.tar...> Aug 16 17:13:57 1999 163875 The WESP 1.0pre3 - The WESP captures packets on an Ethernet, Loopback or PPP device and places these packets into a MySQL database. The sniffers settings can be entered/modified with an HTML form. Settings include triggers and filters. The packets can be viewed in textual or graphic form. Supported protocols include IP, IPX, TCP, UDP, ICMP, ARP. RPMs (source and binary) are available from the homepage. Changes: This is the first release of The WESP. For more information see the homepage. By Derick Rethans, Bjorn Vermeulen, Jeroen Scheeres.
traffic.c Nov 1 12:03:17 1999 2732 Simple parser for tcpdump output. Gives the fields Time, Src Addr, Src Port, Dst Addr, Dst Port, Proto, and Len. Homepage here. By Andrae Muys
vpacket.zip Aug 16 17:13:49 1999 64511 packetdriver source code (16bit) from Christopher Chlap, for those who want to code their own Windows 95/98/NT sniffers.
websniffer.zip Aug 16 17:13:49 1999 3062 Websniffer - two Perl scripts which use tcpdump to sniff web traffic.
weedlog-1.0.0-pre1.t..> Oct 21 16:15:20 1999 10849 weedlog is a packet logger designed to help in debugging network connections on non-router systems. It currently supports the ICMP, TCP, and UDP protocols, but is still early in development. weedlog supports sending output to stdout, a file, or to syslog. Homepage here. By Phil Jones
weedlog-1.0.0.tar.gz Nov 4 12:07:59 1999 20193 weedlog is a packet logger designed to help in debugging network connections on non-router systems. It currently supports the ICMP, IGMP, TCP, and UDP protocols. weedlog supports sending output to stdout, a file, or to syslog. Changes: Fixes for all glibc2 and other Linux bugs, output has been changed to reflect the destination address of packets as well as the source address, and some documentation has been written. Homepage here. By Phil Jones
xip-1.2.tar.gz Aug 16 17:13:53 1999 372971 Xip is a "human ip stack". It acts like tcpdump(8) but with the possibility of changing packet values, creating packets and sending them. It displays packets ala "Steven's book". It has been designed in C language and in an object-like fashion. Everything was made up to increase speed. It is configurable and extensible by adding plugins. Currently, it supports (nearly) all the protocols described in "Stevens book". But there is some more work to do on it. By Martin Gall.
xip-1.3.0.tar.gz Aug 16 17:13:57 1999 296145 Xip is a "human ip stack". It acts like tcpdump(8) but with the possibility of changing packet values, creating packets and sending them. It displays packets ala "Steven's book". It has been designed in C language and in an object-like fashion. Everything was made up to increase speed. It is configurable and extensible by adding plugins. Currently, it supports (nearly) all the protocols described in "Stevens book". But there is some more work to do on it. Changes: too many to list. By Martin Gall.
xipdump-1.5.0.tgz Nov 8 17:31:48 1999 313898 Xipdump is a protocol analyzer and tester. It's a kind of graphical tcpdump(8) with possibility of changing packet values and resending them. It could be also defined by the term "human IP stack". Graphical representation of a packet is intended to have a complete, customizable view at a glance. By Vianney Rancurel
xipdump-1.5.1.tgz Nov 12 13:21:46 1999 33484 Xipdump is a protocol analyzer and tester. It's a kind of graphical tcpdump(8) which adds the possibility of changing packet values and resending them. The graphical representation of a packet is intended to offer a complete, customizable view at a glance. Changes: More stability, and a port to OpenBSD. By Vianney Rancurel
xipdump-1.5.2.tgz Nov 16 15:16:41 1999 326284 Xipdump is a protocol analyzer and tester. It's a kind of graphical tcpdump(8) which adds the possibility of changing packet values and resending them. The graphical representation of a packet is intended to offer a complete, customizable view at a glance. Changes: A port to Solaris. By Vianney Rancurel
Copyright © 1999 Kroll-O'Gara Information Security Group, All Rights Reserved.