Tools & Training

WireShark
http://www.wireshark.org
A free packet sniffer used for network troubleshooting, analysis, software and communications protocol development, and education. Renamed from Ethereal in June 2006.
Xplico
http://www.xplico.org
Xplico is an open source Network Forensic Analysis Tool (NFAT) that can extract application data contained within a stream or capture file.
Ettercap-NG
http://ettercap.sourceforge.net
A suite for man-in-the-middle attacks on LANs. Sniffs live connections, filters content on the fly, and supports active and passive dissection of many protocols (even ciphered ones). Many features for network and host analysis.
WinDump
http://www.winpcap.org/windump
The tcpdump-compatible Windows version. WinDump can be used to watch, diagnose and save to disk network traffic according to various complex rules.
ngrep
http://ngrep.sourceforge.net
A pcap-aware tool that allows extended regular or hexadecimal expressions to match against data payloads of packets. Currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic like other sniffers.
Berkeley Packet Filter
Your best bet: man bpf
Network Miner
http://www.netresec.com/?page=NetworkMiner
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool to detect operating systems, sessions, hostnames, open ports, etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for offline analysis and regenerate/reassemble transmitted files and certificates from them.
Cain & Abel
http://www.oxid.it/cain.html
Cain & Abel is a multi-purpose security tool for the Microsoft Windows operating system. While this tool is typically known for its password auditing capabilities, the built-in network sniffer is very powerful. Specifically, its ability to perform ARP poisoning and audit VoIP makes this tool worth looking into.