packet sniffer
Advanced Packet Sniffer 0.19
Aps is a small tool for analyzing network traffic. It prints out a great deal of information about the relevant protocols including TCP, UDP, ARP, and ICMP.
It allows you to filter IP addresses, hardware addresses, ports, and specific protocols. It comes with a little GTK-GUI displaying packet counters for each protocol.
APS tries to print detailed info about network frames that are received from the SOCK_RAW (ETH_P_ALL) socket. I am not sure if this is the clean way, but it works fine. APS prints info about the hardware layer and the IP and TCP/UDP/ICMP header.
The tail of the packet (mostly the data) which could not be interpreted is written to the screen as an ASCII dump, a hex dump, or both (your choice).
Example
HW-ADDR: 00:60:8c:f6:40:96 -----> 00:80:ad:30:8f:3b
IP-ADDR: 192.168.17.52 -----> 192.168.17.50
IP-Ver4 || Head:0x0a (bytes) || Service(TOS):16 || Length over all:0061
Fragmentation: ID:0x4079 - Flags: 0 1 0 - Offset:00000
TTL:064 || Protokoll:006 (TCP) || HeaderCRC:0x567b
TCP-HEADER:
Ports: 0023-->1034 (telnet) Seq./Ack. Nr.:0x70843468 / 0xeae29434
Data-Offset:0x05 Reserved-6Bit:00 Flags:-urg-ACK-PSH-rst-syn-fin-
Window:0x7fe0 CRC:0x9420 Urgent-Pointer:0x0000
73 61 74 75 72 6e 32 3a 2f 73 72 76 2f 70 72 69 6e 74 71 23 20
HW-ADDR: 52:54:40:25:8d:88 -----> ff:ff:ff:ff:ff:ff
SAMBA/NetBios
e0 e0 03 ff ff 00 22 00 11 00 00 00 00 ff ff ff ff ff ff 04 52 00 00 00 00 52
40 25 8d 88 40 08 00 03 00 04 20 20 20 20 20 20 20 20 20
HW-ADDR: 00:80:ad:30:8f:3b -----> 00:60:8c:f6:40:96
IP-ADDR: 192.168.17.50 -----> 194.112.123.200
IP-Ver4 || Head:0x0a (bytes) || Service(TOS):0 || Length over all:0029
Fragmentation: ID:0x29ae - Flags: 0 0 0 - Offset:00000
TTL:064 || Protokoll:001 (ICMP) || HeaderCRC:0x411f
echo request CODE:0x0 CRC:0xf9f5 SIG:0x602 NUM:0x0
00 ea
Enhancements:
- added break for Packet-counter and fixed some minor bugs
Download (0.088MB)
Added: 2005-09-21 License: GPL (GNU General Public License) Price:
1512 downloads
PHP Client Sniffer 2.1.3
PHP Client Sniffer is a PHP class file that allows one to quickly determine the client's browser and system information based on the HTTP_USER_AGENT string. The class can be used to generate browser-specific HTML markup and other client-side scripting.
Enhancements:
- add k-meleon support
- add camino support
- add mozilla firebird support
- add amiga support
- fixed issues with netscape and gecko browsers
Download (0.020MB)
Added: 2006-06-29 License: LGPL (GNU Lesser General Public License) Price:
1217 downloads
KSniffer 0.3
KSniffer is a sniffing application for KDE. KSniffer is at an early release: not yet released as stable, not because it crashes, but because it has few features.
Enhancements:
- add/remove KSniffer in the system tray bar
- added KSniffer option dialog:
  - sniffer settings:
    - display packets after you stopped capture available
  - capture settings:
    - stop manually
    - stop after X packets
    - stop after X bytes/kilobytes/megabytes/gigabytes
    - stop after X seconds/minutes/hours/days
- added data for TCP detail display
- added pause/continue capture
- reading port names from the system (file /etc/services)
- quick search added (dependency on kdelibs >= 3.3)
- better management for loading files
- better management for temporary files
- root privileges are no longer needed for the GUI
- removed sorting feature because of poor performance with many packets
- getting information on an IP: some networking information can be detected on the selected source or destination IP:
  - whois
  - traceroute
  - ping
  - dig
  - host
  - nslookup
- compiles on FreeBSD and some other Linux platforms
- fixed boring bugs
Enhancements:
- new icon and splashscreen thanks to Carmine De Rosa
- fixed crash when you click on a captured packet after you tried to open a file, but you didn't open it
- give the port name to UDP and TCP connections, getting them from the /etc/services file
- show raw bytes of a selected packet from the list of captured ones
- changed "sniff" application name to "ksniff" to avoid name conflicts with other sniffing applications
- fixed bug that prevented saving sniffed data when quitting the application
- get the list of the network interfaces that have different MAC addresses
- check ksniff permissions so users don't think KSniffer doesn't work: Debian/*ubuntu/OpenSuSE remove the SUID bit; a warning dialog will appear if ksniff is not found or does not have the SUID bit
Download (0.65MB)
Added: 2007-07-22 License: GPL (GNU General Public License) Price:
826 downloads
phpsniffer 0.1
phpsniffer shows that PHP really is the right tool for every programming task imaginable (humor, laugh). I submit for your amusement: phpsniffer.
phpsniffer is a packet sniffer written entirely in PHP without any PECL/PEAR extensions. (It is recommended that you check out Phpcap for any serious sniffing at http://alcane.newffr.com/phpcap/).
phpsniffer has some limitations:
- You probably will only see one side of a conversation.
- You might miss packets with a short TTL.
- Currently only IP, ICMP, UDP, and TCP headers are decoded.
- Sockets must be enabled in your PHP build.
Download (0.002MB)
Added: 2006-06-26 License: Free for non-commercial use Price:
697 downloads
PictoSniff 0.2
PictoChat sniffer allows you to spy live on PictoChat communications between Nintendo DS gaming consoles.
Requires an 802.11 device with support for monitor mode and Radiotap (tested only under FreeBSD with the p54u driver). Based upon GTK2 and libpcap.
Download (0.12MB)
Added: 2005-07-22 License: GPL (GNU General Public License) Price:
923 downloads
Packet Excalibur 1.0.2
Packet Excalibur is a multi-platform graphical and scriptable network packet engine with extensible text-based protocol descriptions. It is a network tool designed to build and receive custom packets from network.
Uses: pen testing firewalls, routers, or any network-enabled equipment; validating your custom-built protocols without the burden of writing lines of code; teaching yourself how protocols work and interact with each other.
Download the install package (PacketExcalibur_*.*_linux_tgz)
Unzip and untar the archive, then run "make" in the "PacketExcalibur_*/main" directory:
- binaries are installed in /usr/sbin
- support packages are installed in /var/cache/excalibur
- preference file is created in the user home directory
Download (1.8MB)
Added: 2006-07-04 License: GPL (GNU General Public License) Price:
1259 downloads
Justniffer 0.5.6
justniffer is a TCP packet sniffer. It can log network traffic in a standard (web server like) or in a customized way. It can also log response times, useful for tracking network service performance (e.g. web server, application server, etc.).
Added: 2009-07-26 License: GPL v3 Price: FREE
downloads
deja-packet 1.0
deja-packet transmits raw packets through a specified interface.
Usage: ./deja-packet -pcap < libpcap capture file > < interface name >
or: ./deja-packet -raw < raw packet file > < interface name >
Note: you must be root to successfully transmit packets with deja-packet due to the Linux security restrictions with raw sockets.
In the [-p]cap mode, deja-packet transmits selected packets from a libpcap capture file (such as one created by Ethereal/Wireshark, or tcpdump). In the [-r]aw mode, deja-packet transmits the raw contents of a file as one whole packet.
The [-p]cap mode is interactive: the user will be continuously prompted to select which packet from the libpcap capture file to transmit, until the “q” character is encountered, where the program will quit.
Example pcap mode:
$ sudo ./deja-packet -p icmp_ping.pcap eth0
Select packet number (1 to 6) for transmission or q for quit: 1
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: 2
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: 5
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: 6
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: q
$
In the [-r]aw mode, deja-packet exits immediately after the attempted transmission is complete (allows deja-packet to be easily used with a script).
Example raw mode:
$ sudo ./deja-packet -r samplepacket eth0
Successfully transmitted packet!
$
icmp_ping.pcap is included as a sample libpcap capture file.
To compile deja-packet, simply use the command “make”.
deja-packet remains Linux-only because it requires PF_PACKET sockets.
This project is released under the GNU General Public License version 2.
Download (0.004MB)
Added: 2007-07-04 License: GPL (GNU General Public License) Price:
847 downloads
assniffer 0.1 Alpha
assniffer is an auto-saving sniffer for Windows and Linux.
assniffer can monitor (using pcap) a network, and for every HTTP transfer it sees, save a copy of the transferred data.
This is less for sinister uses, and more for taking advantage of the already-transferred data that your computer may be exposed to.
Linux users should install libpcap, and tools to enable compiling.
Compilation:
- Go to the source/assniffer directory and type make.
Download (0.030MB)
Added: 2006-03-10 License: Freeware Price:
1325 downloads
Javascript Browser Sniffer 0.5.1
JavaScript Browser Sniffer is a browser identifier written in JavaScript (ECMAScript) and released under the LGPL license. It can tell the browser name, version and operating system you (the visitor) are using (it's like phpsniff, but in JavaScript).
Main features:
- Microsoft Internet Explorer (should work with any version)
- Netscape 4.x, 6.x and 7.x
- Mozilla Seamonkey, Galeon, Firebird, Phoenix, Epiphany, K-Meleon, Camino and Chimera (should work with any version)
- Opera (should work with any version)
- Konqueror (should work with any version)
- Nautilus (version number is not available yet)
- Safari (should work with any version)
- Omniweb (should work with any version)
- Links (should work with any version)
- ELinks (should work with any version)
- PowerMarks (should work with any version)
- Crazy Browser (should work with any version)
- MyIE2 (should work with any version)
- Java (should work with any version)
- iCab (should work with any version)
- NetFront (should work with any version)
- Avant Browser (should work with any version)
- MSN Explorer (should work with any version)
- w3m (should work with any version) (please note that w3m only supports JavaScript on the client-side if using w3m-js)
- Netcaptor (should work with any version)
- Dillo (should work with any version) (only server-side)
- Lynx (should work with any version) (only server-side)
Download (0.020MB)
Added: 2006-10-19 License: GPL (GNU General Public License) Price:
652 downloads
Packet Debugger 0.1 Beta
Packet Debugger presents a debugger-like UI for pcap packet capture files.
The Packet Debugger (pdb) allows users to work with packet streams as if they were working with a source code debugger.
Users can list, inspect, modify, and retransmit any packet from captured files, as well as work with live packet captures.
Download (0.15MB)
Added: 2007-01-20 License: BSD License Price:
1010 downloads
Packet filtering setup script
Packet filtering setup script by Anthony C. Zboralski. Adapted by Didi Damian for iptables version 1.0.0
Sample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
# Collect the names of all user-defined chains (everything except the built-in ones)
CHAINS=`iptables -n -L | perl -n -e '/Chain\s+(\S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "'`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $net -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $net -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info \
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info \
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info \
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info \
--log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg \
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn -j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
# Extract the UDP ports currently registered with the portmapper
RPC_UDP=`rpcinfo -p localhost | perl -n -e '/.*udp\s+(\d+)\s+/ && print $1,"\n"' | sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
<<lessSample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT ! -i lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
# Collect the UDP ports currently registered with the portmapper (the "udp"
# column of rpcinfo -p is followed by the port number) so each one can be blocked.
RPC_UDP=$(rpcinfo -p localhost | perl -n -e '/.*udp\s+(\d+)\s+/ && print $1,"\n"' | sort -u)
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL ! -i lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
984 downloads
Serial Line Sniffer 0.4.4
slsnif is a serial port logging utility.
slsnif is a serial line sniffer. It listens to the specified serial port and logs all data coming through it. slsnif works transparently for both the device connected to the serial port and the controlling software for this device. It operates by opening a pseudo tty (pty) and linking it to the actual serial port.
The following parameters / options are available:
1. Serial port to open (required).
2. Name of the file to direct output to (optional, defaults to stdout).
3. Desired baudrate (optional, defaults to 9600 baud).
4. Timestamp On/Off (optional, defaults to Off).
5. Print ASCII values in hex On/Off (optional, defaults to Off).
6. Print number of bytes transmitted On/Off (optional, defaults to Off).
7. Optional colors for timestamp, number of bytes transmitted and normal output.
8. Lock port On/Off (optional, defaults to On).
9. Use Unix98 ptys instead of BSD ptys (optional, defaults to BSD style).
10. Second serial port to open. If specified, this port will be used instead of a pty, thus providing an ability to log data between two serial ports.
Enhancements:
- Added the ability to resynchronize ports at any time by sending a SIGUSR1 signal to slsnif. This is useful for debugging applications that change port parameters mid-way, after starting the transmission. One example is the pppd daemon, which sets initial parameters in the chat script and changes them later, after the chat script terminates.
- Added the ability to use SYSV (Unix98) ptys instead of BSD ones (see the -u and --unix98 parameters). This option can also be turned on/off from the rc-file.
Download (0.14MB)
Added: 2006-06-28 License: GPL (GNU General Public License) Price:
1248 downloads
Packet Garden 1.0pre5
Packet Garden is a project that allows you to grow a world from network traffic.
Packet Garden captures information about how you use the internet and uses this stored information to grow a private world you can later explore.
To do this, Packet Garden takes note of all the servers you visit, their geographical location and the kinds of data you access.
Uploads make hills and downloads valleys, with their location determined by numbers taken from the internet address itself.
The size of each hill or valley is based on how much data is sent or received.
Plants are also grown for each protocol detected by the software; if you visit a website, an HTTP plant is grown. If you share some files via eMule, a Peer to Peer plant is grown, and so on.
Download (2.5MB)
Added: 2007-01-16 License: GPL (GNU General Public License) Price:
1015 downloads
Pacemaker 0.4
Pacemaker is a dynamic rate-limiting script that watches network traffic and determines which machines are probably abusing your network. Pacemaker catches things like Windows worm scans, port scans, P2P network traffic, and anything else that tries to go beyond the normal number of connections a standard machine should use. A machine needs to abuse the network for two minutes before Pacemaker marks its IP address to be rate-limited, and it stays marked for as many minutes as it has abused the network.
Pacemaker uses iptables to mark packets for specific IP addresses it determines are abusing the network resources. Once the packets are marked iproute2 and tc can filter and ratelimit the traffic to whatever speed you want.
In order to use Pacemaker you will need the latest iptables, a kernel that can handle iptables packet mangling, a network sniffer (currently only tcpdump or tethereal are supported) and the latest iproute2+tc tools.
1. Add a class to your rate-limiting system. An example (what I use currently) is provided in htb-qdisc-example-eth0 or htb-qdisc-example-eth1.
2. Open pacemaker and change the defaults to your local settings.
3. Run make install.
Enhancements:
- Fixed documentation listing required software.
Download (0.013MB)
Added: 2006-06-29 License: GPL (GNU General Public License) Price:
1214 downloads