Wall of Sheep

Tools & Training

There are numerous free tools and commands available to join us in the hunt for sheep. We have provided a guide to our favorites below, but the Wall of Sheep disclaims all responsibility for what you do with them. Please see our legal section.

Tools

TCPDump
http://www.tcpdump.org
A common command-line packet sniffer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network.
WinDump
http://www.winpcap.org/windump
The tcpdump-compatible Windows version. WinDump can be used to watch, diagnose and save to disk network traffic according to various complex rules.
ngrep
http://ngrep.sourceforge.net
A pcap-aware tool that allows extended regular or hexadecimal expressions to match against data payloads of packets. Currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic like other sniffers.
Wireshark
http://www.wireshark.org
A free packet sniffer used for network troubleshooting, analysis, software and communications protocol development, and education. Renamed from Ethereal in June 2006.
Ettercap-NG
http://ettercap.sourceforge.net
A suite for man-in-the-middle attacks on LANs. Sniffs live connections, filters content on the fly, and supports active and passive dissection of many protocols (even ciphered ones). Many features for network and host analysis.
Berkeley Packet Filter
Your best bet: man bpf
TCPDump Recipes
http://dmiessler.com/study/tcpdump_recipes

Reference

Ethernet Vendor Codes
http://standards.ieee.org/regauth/oui/oui.txt
Ethernet Multicast (including Broadcast) Addresses
http://www.cavebear.com/CaveBear/Ethernet/multicast.html
Ethernet Packet Type Codes
http://www.cavebear.com/CaveBear/Ethernet/type.html
IP Port Numbers and Services
http://www.iana.org/assignments/port-numbers
Network and Wild Mask Information
https://www.telcom.arizona.edu/netmasks.html
Protocol Names and Numbers
http://www.iana.org/assignments/protocol-numbers