Free netbios software for linux

NBFW is a smb forwarder. With the Samba NetBIOS forwarder, nbfw, you can browse the local windows network transparently to and from your masqueraded network.

This will most likely be of use for people who have Windows machines on a backend network who want to browse the Network Neighbourhood on the normal network though their masquarading firewall.

If your Samba is not working ok, NBfW will not work, too. NBfW can cause major problems if you dont configure it correctly. And it has ... It really helps to know what youre doing.

NMB Scanner scans the shares of a NetBIOS/SMB network, using the NMB/SMB/NetBIOS protocols. It is useful for acquiring information on a local area network for such purposes as security auditing.

It can obtain such information as NMB/SMB/NetBIOS/Windows hostname, IP address, IP hostname, ethernet MAC address, Windows username, NMB/SMB/NetBIOS/Windows domain name, and master browser.

It can discover all the NMB/SMB/NetBIOS/Windows hosts from a LAN by using the hosts lists maintained by master browsers.

Knetdump is a net-tool for analysing and visualizing basic protocols of the OSI layer 1-4. It is made to improve a university lecture/reading.

There are four different views:
- the ISO/OSI referencemodel, discribingg the different layers of the OSI-model.
- the trafficview, similary to Qtraffic,, shows connections on the net.
- the headerview shows each received paccket on the net in an header-like structure - the chatview shows ARP and TCP connecttions between two given hosts.

Linklayer supported: Ethernet, PPP (untested), Slip(untested), Token Ring
Protocols supported: ARP, IP, TCP, UDP, IPX/SPX (untested), NETBIOS (untested)

LISa is a small daemon which is intended to run on end user systems. It provides something like a "network neighbourhood", but only relying on the TCP/IP protocol stack, no smb or whatever. The information about the hosts in your "neighbourhood" is provided via TCP port 7741.

LISa supports two ways of searching for hosts, the first method is to send ICMP echo request packets to the hosts, the second one is to send NetBIOS broadcasts using nmblookup. In order to keep network load low various strategies are implemented. There is also a basic security mechanism. For environments with stricter security rules there is also a restricted version, resLISa. LISa should compile and work under the usual unix flavours (linux, *bsd, solaris,...), it might have problems on 64 bit machines and it definitly doesnt work with IPv6. It provides some special support for KDE , but it is completely independant, it requires neither the Qt library nor any KDE stuff.

In the configuration file of LISa you provide a range of IP-addresses which LISa should check wether they are running. In the most simple case this could be your network address/subnetmask, then LISa would check every possible host of your network wether it is up. The hosts are checked using ICMP echo requests. To be able to send and receive ICMP echo requests and replies the program has to open a so called "raw socket". Therefor it needs root privileges. This socket is opened right after the start of the program, after successfully opening the socket root privileges are dropped immediatly (see main.cpp and strictmain.cpp). If you configure LISa this way, that it also uses nmblookup, it will popen("nmblookup "*""); and then parse the results.

Since the ICMP requests and the broadcasts can cause some network traffic if there are more than one such server running in one network, the servers cooperate with each other. Before they start pinging (or nmblookup), they send a broadcast on port 7741.
If somebody answers this broadcast, they will retrieve the complete list of running hosts via TCP port 7741 from this host and will not start to ping (or nmblookup) theirselves. If nobody answers, the host which sent the broadcast will start pinging the hosts (or nmblookup) and then open a socket which listens for the mentioned broadcasts. If the host received an answer to his broadcast, it wont have the socket for listening to the broadcasts open. So usually exactly one of the servers will have this socket open and only this one will actually ping (or nmblookup) the hosts. In other words, the servers are lazy, they work like "I will only do something if nobody else can do it for me".

There is another feature which reduces the network load. Lets say you configured LISa to update all 10 minutes. Now you dont access your server very often. If nobody accessed the server during the last update period, the server will update (either itself or from the one which actually does the work) and then double its update period, i.e. the next update will happen after 20 minutes. This will happen 4 times, so if nobody accesses the server with update period 10 minutes for a long time, its update interval will grow up to 160 minutes, almost three hours. If then somebody accesses the data from the server, he will get an old list ( up to 160 minutes old). With accessing the server will reset its update interval to its initial value, i.e. 10 minutes and immediatly start updating if the last update is more than these 10 minutes over. This means if you get a very old list, you can try some seconds later again and you should get a current version. This will have fast effect for the servers, which dont ping (or nmblookup) theirselves, since only one user usually accesses them, and it will have less effect for the server which does the pinging (or nmblookup), since this server is accessed from all other servers in the network.

This way it is possible that many hosts in a network run this server, but the net load will remain low. For the user it is not neccessary to know wether there is a server (i.e. a name server or fileserver or whatever) in the network which also runs LISa. He can always run LISa locally and LISa will detect if there is one existing, transparently to the user.

If you dont want that your LISa takes part in the broadcasting, but always does the pinging itself, make it use another port with the command line option --port or -p. This is not recommended !

If you send SIGHUP to LISa, it will reread its configfile. If you send SIGUSR1 to LISa, it will print some status information to stdout.

ARPSpoofDetector performs active and passive detection of ARP spoofing and IP (IPv4) address collision. The program can send healing packets with regular ARP information.
ARPSpoofDetector is new GPL project initialized by NetMasters.CZ customers (specially 100MEGA Distribution). We didnt find suitable intrusion detection system or another applicable software to solve ARP spoofing detection and IP collision without false alarms and with easy configuration for our customers.
Main features:
- passive ARP spoofing detection from broadcast ARP reply packets
- passive IP collision detection from broadcast ARP packets and netbios packets
- active IP collision detection by sending ARP request packets
Log example:
Mon Jul 23 21:49:26 2007
Warning: IP 192.168.1.10 collision detected!
SERVER MAC address: 00:4f:ED:7C:3A:B9
ATTACKER MAC address: 00:20:38:7C:3A:CE
Attacker NETBIOS name: PERSEUS
Attacker NETBIOS group: WORKGROUP
Last attacker IP was 192.168.1.9
IP changes history:
From: Mon Jul 23 21:48:47 2007 To: Mon Jul 23 21:49:10 2007 was IP 192.168.1.3 (maybe over DHCP)
From: Mon Jul 23 21:49:10 2007 To: Mon Jul 23 21:49:26 2007 was IP 192.168.1.6 (maybe over DHCP)

EtherApe is a GNOME/pcap-based etherman, interman, and "tcpman" clone. It displays network activity graphically. Active hosts are shown as circles of varying size, and traffic among them is shown as lines of varying width.
EtherApe project supports Ethernet, FDDI, Token Ring, ISDN, PPP, and SLIP. Additional statistics windows will let you concentrate on protocols or nodes.
Main features:
- Network traffic is displayed graphically. The more "talkative" a node is, the bigger its representation.
- Node and link color shows the most used protocol.
- User may select what level of the protocol stack to concentrate on.
- You may either look at traffic within your network, end to end IP, or even port to port TCP.
- Data can be captured "off the wire" from a live network connection, or read from a tcpdump capture file.
- Live data can be read from ethernet, FDDI, PPP and SLIP interfaces.
- The following frame and packet types are currently supported: ETH_II, 802.2, 803.3, IP, IPv6, ARP, X25L3, REVARP, ATALK, AARP, IPX, VINES, TRAIN, LOOP, VLAN, ICMP, IGMP, GGP, IPIP, TCP, EGP, PUP, UDP, IDP, TP, IPV6, ROUTING, RSVP, GRE, ESP, AH, ICMPV6, EON, VINES, EIGRP, OSPF, ENCAP, PIM, IPCOMP, VRRP; and most TCP and UDP services, like TELNET, FTP, HTTP, POP3, NNTP, NETBIOS, IRC, DOMAIN, SNMP, etc.
- Data display can be refined using a network filter.
- Display averaging and node persistence times are fully configurable.
- Name resolution is done using standard libc functions, thus supporting DNS, hosts file, etc.

KSalup is a KDE application which allows Linux users to receive and send popup messages to other computers on a local area network (LAN).
KSalup is compatible with many other programs such as Microsoft Winpopup, Kurupop, Linpopup, Salup, and any others which use the SMB messaging protocol.
Main features:
- Netbios over UDP protocol.
- Netbios over TCP protocol through Samba.
- Netbios names support.
- Messages filtering.
- Messages forwarding.
- Automatic answering.
- Automatic archiving of incoming and sent messages.
- Network browsing (LAN).
- Handling of workgroup, host name and aliases.
- Tray icon (KDE).
- Support for printing.
- Support for public and private user-defined aliases.
- Online indicator, now compatible with Salup, Kurupop and Pipop.
- Quick user-defined messages.
- Sound attachment.
- Support for different character encodings for internationalisation (UTF-8, Microsoft codepages, ...).
- Possibility of sending messages from the shell command line.
Enhancements:
- A menu item "Delete all messages" has been added to easily clear the messages list.
- The option "Clear the messages list on exit" has been adde

Guarddog is a firewall configuration utility for Linux systems. It is aimed at two groups of users. Novice to intermediate users who are not experts in TCP/IP networking and security, and those users who dont want the hastle of dealing with cryptic shell scripts and ipchains/iptables parameters.
Main features:
- Easy to use goal oriented GUI. You say what the firewall should do without having to explain all the details of how it should do it.
- Application protocol based. Unlike other tools, Guarddog does not require you to understand the ins and outs of IP packets and ports. Guarddog takes care of this for you. This also reduces the chances of configuration mistakes being made which are a prime source of security holes.
- Doesnt just generate the firewall once and forgets it. Guarddog lets you maintain and modify the firewall in place.
- Hosts/networks can be divided into Zones. Different zones can have different security policies for different.
- Supports the following network protocols: FTP, SSH, Telnet, Linuxconf, Corba, SMTP, DNS, Finger, HTTP, HTTPS, NFS, POP2, POP3, SUN RPC, Auth, NNTP, NETBIOS Name Service, NETBIOS Session Service, IMAP, Socks, Squid, pcANYWHEREstat, X Window System, Traceroute, ICQ, PowWow, IRC, PostgreSQL, MySQL, Ping, Quake, QuakeWorld, Quake 2, Who Is, Webmin, ICMP Source Quench, ICMP Redirect, Real Audio, Line Printer Spooler, syslog, NTP, NetMeeting, Gnutella, LDAP, LDAP-SSL, SWAT, Diablo II, Nessus, DHCP, AudioGalaxy, DirectPlay, Halflife, XDMCP and Telstras BigPond Cable, CDDB, MSN Messenger, VNC, PPTP, Kerberos, klogin, kshell, NIS, IMAPS, POP3S, ISAKMP, CVS, DICT, AIM, Fasttrack, Kazaa, iMesh, Grokster, Blubster, Direct Connect, WinMX, Yahoo! Messenger, AH, ESP, Jabber, EsounD, Privoxy, eDonkey2000, EverQuest, ICP, FreeDB, Elster, Yahoo games, Legato NetWorker backups, Novell Netware 5/6 NCP, Bittorrent, rsync, distcc, Jabber over SSL, PGP key server, Microsoft Media Server and gkrellm.
- Protocols not supported in the list above can be entered in directly.
- Supports router configurations.
- Runs on KDE 2 or 3, and Linux 2.2, 2.4 and 2.6 series kernels.
- Supports advanced Linux 2.4+ iptables features such as connection tracking and rate limited logging.
- Firewall scripts can be Imported/Exported for use on machines other than the current one.
- DHCP support.
- Uses a "what is not explicitly allowed, is denied" philosophy. Fail-safe design.
- Well documented with tutorials and reference material.
- Licensed under the terms of the GNU General Public License. Is Free and will remain Free.