TCPDUMP | Network Sniffing Tool


Tcpdump is similar to Wireshark, which I explained earlier in my posts.  It captures the packets that travel through your network interface into your computer, regardless of whether they come from the Internet or from your internal network.  Tcpdump is a command-line utility, so you set your options before you start capturing packets.  This application is very useful for network administrators and security analysts analyzing threats on a system.  Personally, I run tcpdump on my Ubuntu laptop.  To get tcpdump on your Ubuntu, type “sudo apt-get install tcpdump”.  Tcpdump runs on Linux-based machines, while its Windows port is called WinDump.  Basically it is up to you whether to run tcpdump on Linux, WinDump on Windows or Wireshark (Linux/Windows); the most important thing is how good you are at using it.

Source: http://www.tcpdump.org/

Wireshark | Network Sniffing Tool


Wireshark is one of the tools that help you identify incoming and outgoing packets, whether at the TCP/UDP level or at the ICMP/IP level.  Wireshark intercepts packets and analyzes them.  It is one of the tools that helped me analyze how website POST and GET requests work for my projects, and it is considered user friendly thanks to its graphical user interface.  The GUI of Wireshark is one of its strong points: you can look at a list of tens of thousands of packets and filter them according to your needs with conditional filter expressions.  Wireshark is capable of running on both Linux and Windows.

Land Attack!


A LAND (Local Area Network Denial) attack is a DoS (Denial of Service) attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. The security flaw was actually first discovered in 1997 by someone using the alias “m3lt”, and has resurfaced many years later in operating systems such as Windows Server 2003 and Windows XP SP2.

Source: http://en.wikipedia.org/wiki/LAND

By using the hping3 tool, this packet can be crafted!  Although most firewalls already block it, the concept is nonetheless creative.  A similar command from hping3 would be:

hping3 --baseport 80 --destport 80 --syn --spoof TARGET_IP TARGET_IP

Hping | Network Security Tool


hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Nirsoft


Nirsoft is a website where you can find utilities for nearly every possible need in computing!  It doesn’t matter whether you’re a programmer, network administrator, forensics specialist or none of the above; Nirsoft provides tools that are useful for everyone.  You can find password recovery tools (which attackers also use for their malicious intent), or system tools that show you detailed information about your computer (although you would require certain knowledge to understand them).

Visit NirSoft here.

Nmap Security Scanner | Port Scanning | Tool


Nmap (“Network Mapper”) is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).

Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in eight movies, including The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum.

Nmap is …

  • Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
  • Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
  • Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
  • Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as “nmap -v -A targethost”. Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
  • Free: The primary goals of the Nmap Project are to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
  • Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
  • Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
  • Acclaimed: Nmap has won numerous awards, including “Information Security Product of the Year” by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
  • Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.

Source: nMap – Free Security Scanner For Network Exploration & Security Audits.

Analyzing network packets


Those of you who think of yourselves as hackers: do you know what a network packet looks like?  Have you ever read a network packet in your life, and do you know how packets work?  Take a look at the TCP packet below and try to figure out what the packet is doing, as well as the source IP address and port of the sender.

00 1c f0 39 8e 45 00 1c  f0 8a a1 71 08 00 45 00
00 34 06 6e 40 00 80 06  9a 0e c0 a8 01 02 45 a2
52 fb c0 a7 00 50 a1 f6  7c bb 00 00 00 00 80 02
20 00 15 25 00 00 02 04  05 b4 01 03 03 02 01 01
04 02

Tip: Think of the packet as an Ethernet frame.
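The following is an added worked example, not code from the original post. It decodes the hex dump above as an Ethernet II frame carrying an IPv4 packet and a TCP segment (dissecting the headers the way tcpdump or Wireshark would), and it also applies the check a firewall or IDS uses to recognize the LAND packet described in the "Land Attack!" entry: source address equal to destination address together with source port equal to destination port. FRAME_HEX is copied from the post; LAND_FRAME_HEX is a constructed variant of the same frame with the source fields overwritten, so its checksums are not valid (the parser does not verify checksums). Only the Python standard library is used.

```python
import struct
from ipaddress import IPv4Address

# The frame exactly as printed in the post (Ethernet + IPv4 + TCP, 66 bytes).
FRAME_HEX = """
00 1c f0 39 8e 45 00 1c  f0 8a a1 71 08 00 45 00
00 34 06 6e 40 00 80 06  9a 0e c0 a8 01 02 45 a2
52 fb c0 a7 00 50 a1 f6  7c bb 00 00 00 00 80 02
20 00 15 25 00 00 02 04  05 b4 01 03 03 02 01 01
04 02
"""

# Constructed for this example: same frame, but the IP source address and TCP
# source port copied from the destination fields (a LAND-style packet).
# The IP and TCP checksums are stale; this parser never validates them.
LAND_FRAME_HEX = """
00 1c f0 39 8e 45 00 1c  f0 8a a1 71 08 00 45 00
00 34 06 6e 40 00 80 06  9a 0e 45 a2 52 fb 45 a2
52 fb 00 50 00 50 a1 f6  7c bb 00 00 00 00 80 02
20 00 15 25 00 00 02 04  05 b4 01 03 03 02 01 01
04 02
"""

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def hexdump_to_bytes(dump):
    """Turn a whitespace-separated hex dump into raw bytes."""
    return bytes.fromhex("".join(dump.split()))


def parse_tcp_options(opts):
    """Walk the TCP options area (kind, length, data) and return (kind, data) pairs."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # End of option list
            break
        if kind == 1:                       # NOP has no length byte
            out.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("TCP option missing its length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad TCP option length")
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out


def parse_frame(raw):
    """Decode Ethernet II -> IPv4 -> TCP and return the header fields as a dict.
    Every length field is checked against the buffer before it is trusted."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4: EtherType 0x%04x" % ethertype)

    ip = raw[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _ip_cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("IP version is not 4")
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("inconsistent IPv4 length fields")
    if proto != 6:
        raise ValueError("not TCP: IP protocol %d" % proto)

    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_flags, window,
     _tcp_cksum, _urg) = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4        # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    flag_bits = off_flags & 0x01FF
    flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)]

    return {
        "src_mac": ":".join("%02x" % b for b in src_mac),
        "dst_mac": ":".join("%02x" % b for b in dst_mac),
        "src_ip": str(IPv4Address(src)), "dst_ip": str(IPv4Address(dst)),
        "ttl": ttl, "src_port": sport, "dst_port": dport,
        "seq": seq, "ack": ack, "flags": flags, "window": window,
        "options": parse_tcp_options(tcp[20:data_off]),
        "payload_len": len(tcp) - data_off,
    }


def is_land_packet(fields):
    """LAND signature: source and destination address AND port are identical."""
    return (fields["src_ip"] == fields["dst_ip"]
            and fields["src_port"] == fields["dst_port"])


if __name__ == "__main__":
    for label, dump in (("post frame", FRAME_HEX), ("constructed", LAND_FRAME_HEX)):
        f = parse_frame(hexdump_to_bytes(dump))
        print("%s: %s:%d -> %s:%d flags=%s ttl=%d LAND=%s" % (
            label, f["src_ip"], f["src_port"], f["dst_ip"], f["dst_port"],
            f["flags"], f["ttl"], is_land_packet(f)))
```

Read the dump alongside the parser: the first 14 bytes are the Ethernet header (EtherType 08 00 = IPv4), the IPv4 header starts at the 45 (version 4, header length 5 words), and the TCP header begins right after the two addresses; 80 02 gives a 32-byte TCP header with only SYN set, so the frame is the first step of a TCP handshake. The LAND check is the same comparison a packet filter applies on ingress, which is why the post notes that most firewalls stop this packet.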