Tools
- Wireshark
- http://www.wireshark.org
- A free packet sniffer used for network troubleshooting, analysis, software and communications protocol development, and education. Renamed from Ethereal in June 2006.
- Xplico
- http://www.xplico.org
- Xplico is an open source Network Forensic Analysis Tool (NFAT) that can extract application data contained within a stream or capture file.
- Ettercap-NG
- http://ettercap.sourceforge.net
- A suite for man-in-the-middle attacks on LANs. Sniffs live connections, filters content on the fly, and supports active and passive dissection of many protocols (even ciphered ones). Many features for network and host analysis.
- WinDump
- http://www.winpcap.org/windump
- The tcpdump-compatible Windows version. WinDump can be used to watch, diagnose and save to disk network traffic according to various complex rules.
- ngrep
- http://ngrep.sourceforge.net
- A pcap-aware tool that allows extended regular or hexadecimal expressions to match against data payloads of packets. Currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic like other sniffers.
- Berkeley Packet Filter
- Your best bet: man bpf
- Network Miner
- http://www.netresec.com/?page=NetworkMiner
- NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
- Cain & Abel
- http://www.oxid.it/cain.html
- Cain & Abel is a multi-purpose security tool for the Microsoft Operating System. While this tool is typically known for its password auditing capabilities, the built-in network sniffer is very powerful. Specifically, its ability to perform ARP poisoning and audit VoIP makes this tool worth looking into.
Training & How-to's
- Learn to Subnet
- http://www.learntosubnet.com
- A free lecture-based educational course that covers binary math, IP addressing, default subnet masks, ARP, and more.
- How to upgrade ESXi 4.1 to ESXi 5.0
- http://blog.vmpros.nl/2011/07/13/vmware-easy-upgrade-esxi-4-1-to-esxi-5-0/
- NOTE: Ensure you stop all VMs and have extra disk space in your datastore prior to the upgrade.
- A tcpdump Tutorial and Primer
- http://danielmiessler.com/study/tcpdump/
- Introduction to ARP Poisoning
- http://www.oxid.it/downloads/apr-intro.swf
- UFW - Uncomplicated Firewall
- https://www.ubuntu.com/community/UFW
Reference Material
- Ethernet Vendor Codes
- http://standards.ieee.org/regauth/oui/oui.txt
- Ethernet Multicast (including Broadcast) Addresses
- http://www.cavebear.com/archive/cavebear/Ethernet/multicast.html
- Ethernet Packet Type Codes
- http://www.cavebear.com/archive/cavebear/Ethernet/type.html
- IP Port Numbers and Services
- http://www.iana.org/assignments/port-numbers
- Network and Wild Mask Information
- https://www.telcom.arizona.edu/netmasks.html
- Protocol Names and Numbers
- http://www.iana.org/assignments/protocol-numbers
Videos
Welcome to the Wall of Sheep virtual video library. In this section of our site, we provide links to videos from a variety of sources on the net that have educational value. NOTE: We do not own, or claim any ownership of, the material listed below.
- How DHCP works
- How a network switch works
- How a Traceroute works
- ngrep Tutorial - NOTE: There is music in the background of this video. You may want to turn your sound down.
- dsniff Tutorial - NOTE: There is music in the background of this video. You may want to turn your sound down.
- How to configure Uncomplicated Firewall (UFW) on Ubuntu Linux
- Mastering IPTables Volume 1/3
- Mastering IPTables Volume 2/3
- Mastering IPTables Volume 3/3


