Packet Sniffers & Crafting Tools

Understanding packets, and what's inside them, is vital to your success as a cybersecurity professional. Hopefully these tools, updated for 2019, will help you with this important piece of the puzzle.

14 tools

Fancy sniffing some packets?

The first time I spoke about Packet Sniffing to my business partner he thought I was being a pervert…

No, alas, packet sniffing is all about being able to detect, and in many cases manipulate, the packets flowing in and out of a network. We hope the tools and software listed on this page will be of use to you in your quest to improve your cybersecurity skills!

The tools listed here vary in usage, but we've tried to include as many genuinely useful packet sniffer tools as we can that we have used in the past.

It’s all about the packets stupid!

The HTTP protocol, and heck, the entire Internet, depends on the TCP/IP and UDP protocols (as well as a bunch of other variations).

Anyone reading this page should be aware of how important it is to understand how protocols work before trying to break the flow or 'corrupt' the transmission of 'packets'. If you are completely unfamiliar with packet behaviour, we strongly suggest that you learn about it first.

Being able to spoof and ‘trick’ packets is a major weakness in network security and if you can master how to use the tools that we’ve listed below then you are in a great spot.

We've tried to list the 'best packet crafting tools' that we can find (and have used), but as with most things in IT the landscape is constantly evolving.

Scapy

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Scapy?
Scapy is a very popular and useful packet crafting tool which works by manipulating packets. Scapy can decode packets from a wide range of protocols, send them on the wire, capture them, match requests with replies, and more. Scapy can also be used to scan, traceroute, probe or discover networks. Our understanding is that Scapy can be used as a replacement for other tools like nmap, arpspoof, tcpdump, p0f and others.

Is Scapy Free?
Yes, Scapy is free.

Does Scapy Work on all Operating Systems?
Scapy is compatible with Linux, Windows and Mac OS X operating systems.

What are the Typical Uses for Scapy?
Scapy can execute certain attacks that other tools are unable to, for example sending invalid frames, injecting 802.11 frames, and combining techniques (VLAN hopping + ARP cache poisoning, VoIP decoding on a WEP-encrypted channel, and more). In summary, this is a pretty damn cool tool and framework, and we'd really value your feedback and comments regarding your experience in using Scapy.

Cain & Abel

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Cain and Abel Hacking Tool?
Cain and Abel is one of the most popular tools used for password recovery. It can recover various kinds of passwords using methods such as brute force attacks, cryptanalysis attacks and, the most used of all, the dictionary attack. The tool is maintained by Sean Babcock and Massimiliano Montoro.

Is Cain and Abel Hacking Tool Free?
Yes! It is one of the most used and popular free hacking tools found on the internet.

Does Cain and Abel Hacking Tool Work on all Operating Systems?
Unfortunately, Cain and Abel is only available for Windows Operating Systems.

What are the Typical Uses for Cain and Abel Hacking Tool?
There are a lot of uses for Cain and Abel, including cracking WEP; cracking LM and NTLM hashes, NTLMv2 hashes, Microsoft Cache hashes, Microsoft Windows PWL files, Cisco IOS MD5 hashes and many more; speeding up packet capture via wireless packet injection; recording VoIP conversations; decoding scrambled passwords; traceroute; hash calculation; dumping Protected Storage passwords; ARP spoofing; network password sniffing; LSA secrets dumping; and IP to MAC address resolution.

WIRESHARK

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Wireshark?
This tool is a network packet analyzer: it captures network packets and displays the packet data in as much detail as possible, for analysis, network troubleshooting, education, and software and communications protocol development. Formerly named Ethereal, it was renamed Wireshark in May 2006 due to trademark issues. Wireshark is cross-platform and uses the Qt widget toolkit in current releases to implement its user interface. If you know tcpdump, Wireshark is very similar, but with a graphical front-end and integrated filtering and sorting options.

Wireshark supports promiscuous mode, which lets the user put a network interface controller into that mode so that it sees all traffic visible on that interface, not only traffic directed to one of the interface's configured addresses and broadcast/multicast traffic. But when capturing in promiscuous mode on a port of a network switch, not all traffic through the switch is sent to the port where the capture is made, so capturing in this mode is not necessarily enough to see all network traffic. Various network taps, such as port mirroring, extend capture to any point on the network; simple passive taps are highly resistant to tampering. Wireshark 1.4 and later on GNU/Linux, BSD and OS X, with libpcap 1.0.0 or later, can also put wireless network interface controllers into monitor mode.

When a remote machine captures packets and transmits them to a machine running Wireshark using the protocol used by OmniPeek or the TZSP protocol, those packets are dissected by Wireshark, so it can analyze packets captured on a remote machine at the time they are captured.

Wireshark also colour codes packets, so the user sees them highlighted in black, blue and green, which helps identify the types of traffic at a glance: black marks TCP packets with problems, blue is DNS traffic and green is TCP traffic.

Is Wireshark Free?
Wireshark is an open source and free packet analyzer. You can go to its website (https://www.wireshark.org/download.html) and download the installer that is compatible with your system.

Does Wireshark Work on all Operating Systems?
Wireshark uses pcap to capture packets and runs on OS X, GNU/Linux, Solaris, Microsoft Windows and other Unix-like operating systems.

What are the Typical Uses for Wireshark?
People use Wireshark to troubleshoot network problems, examine security problems, debug protocol implementations and learn more about network protocol internals.

dsniff

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is dSniff?
dSniff is a network traffic analysis and password sniffing tool created by Dug Song to parse various application protocols and extract relevant data. dsniff, mailsnarf, filesnarf, msgsnarf, urlsnarf and webspy monitor a network for interesting information like emails, passwords and files, while macof and dnsspoof help in the interception of network traffic that is normally unavailable to the attacker.

Is dSniff Free?
Yes, use of this tool is free.

Does dSniff Work on all Operating Systems?
dSniff works on Linux, Windows and Mac OS X operating systems.

What are the Typical Uses for dSniff?
This tool is used to sniff usernames, passwords, email contents and web pages visited. As the name implies, dsniff is a network sniffer, but it can also be used to disrupt the normal behaviour of switched networks and capture network traffic from other hosts on the same network. It handles protocols like FTP, Telnet, LDAP, IMAP, NNTP, POP, OSPF, NFS, VRRP, Citrix ICA, Rlogin and many more.

EtherApe

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Etherape?
EtherApe is a graphical network monitor modeled after etherman. It features IP, TCP and link layer modes that display network activity graphically; links and hosts change in size with traffic, and protocols are colour coded. The tool supports hardware and protocols such as FDDI, Ethernet, ISDN, Token Ring, SLIP, PPP and WLAN devices, plus a lot of encapsulation formats. EtherApe can filter the traffic to be shown and can read packets from a file as well as live from the network. Node statistics can also be exported.

Is Etherape Free?
Yes, Etherape is free to use.

Does Etherape Work on all Operating Systems?
EtherApe works on Linux and Mac OS X operating systems.

What are the Typical Uses for Etherape?
EtherApe is primarily used to track several types of network traffic.

Ettercap

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Ettercap?
Ettercap is an open source network security tool made for man-in-the-middle attacks on local area networks. It works by ARP poisoning the target computer systems and putting a network interface into promiscuous mode, from which it can unleash several attacks on its victims. It also has plugin support, so features can be extended by adding new plugins.

Is Ettercap Free?
Ettercap is free and can be downloaded from its website, which can be found here: https://ettercap.github.io/ettercap/

Does Ettercap Work on all Operating Systems?
It works on several operating systems, including Windows, Mac OS X and Linux.

What are the Typical Uses for Ettercap?
Ettercap is used for content filtering on the fly, sniffing live connections and much more. It is also used for security auditing and computer network protocol analysis. It has the capability to intercept traffic on a network segment, conduct active eavesdropping against common protocols and capture passwords.

inSSIDer

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Inssider?
inSSIDer is a wireless network scanner designed to overcome the limitations of another tool, NetStumbler. inSSIDer can track signal strength over time, find open wireless access points and save logs with GPS records.

Is Inssider Free?
This is now a pay to use application.

Does Inssider Work on all Operating Systems?
It can be used on both Windows and Apple operating systems.

What are the Typical Uses for Inssider?
There are several uses for inSSIDer. It can collect data from the wireless card and software, assist with selecting the best available wireless channel, render useful Wi-Fi network information such as SSID, MAC, vendor, data rate, signal strength and security, graph signal strength over time, and show which Wi-Fi channels overlap. It also offers GPS support, and data can be exported as NetStumbler (.ns1) files.

KisMAC

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Kismac?
We’ve covered this tool here.

Kismet

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Kismet?
We’ve covered this tool here.

NetStumbler

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is NetStumbler?
We’ve covered this tool here.

NetworkMiner

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is NetworkMiner?
NetworkMiner is created by Netresec, a cyber security software vendor that specializes in software for network forensics and analysis of network traffic. Obviously, as a security professional, understanding what is happening on your network is half of the battle.

Is NetworkMiner Free?
NetworkMiner ships in a free and a paid version, which we highly recommend, since it is always beneficial to start with a 'free' version before migrating to the supported commercial version if you are happy with this network security tool.

Does NetworkMiner Work on all Operating Systems?
NetworkMiner is a Network Forensic Analysis tool designed for Microsoft Windows.

What are the Typical Uses for NetworkMiner?
NetworkMiner is used as a passive network sniffer or packet capturing tool to detect sessions, hostnames, open ports, operating systems and so on without putting any traffic on the network. It is also used to parse pcap files for offline analysis and can reassemble transmitted files and certificates from pcap files. The NetworkMiner display focuses on hosts and their attributes rather than on raw packets.

Ngrep

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Ngrep?
This tool, ngrep (a concatenation of 'network grep'), is a command-line network packet analyzer that relies on the pcap library and the GNU regex library. ngrep is similar to tcpdump, but it goes further: it matches a regular expression against the payload of each packet and shows the matching packets on the screen or console. The end result is that the user (typically a penetration tester or network security engineer) will see all unencrypted traffic matching the pattern that is passing over the network. You need to put the network interface into promiscuous mode for this to work.

Is Ngrep Free?
Downloading and using ngrep is free.

Does Ngrep Work on all Operating Systems?
It works on Linux, Windows and Mac OS X operating systems.

What are the Typical Uses for Ngrep?
ngrep is used to capture traffic on the wire, store it as pcap dump files, and read files generated by tools like tcpdump or Wireshark.
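To make the earlier point about understanding packets concrete, and to show what tools like ngrep and NetworkMiner actually do with a pcap file, here is an added example written for this page (it is not ngrep's, NetworkMiner's or the page's own code) using only the Python standard library. It builds a small libpcap capture in memory from constructed frames, reads the file back, decodes Ethernet/IPv4/TCP by hand, verifies the IPv4 header checksum, then greps payloads with a regex the way ngrep does and builds a per-host inventory of contacted ports the way a passive analyser like NetworkMiner does. The addresses, ports and payloads are all made up; the TCP checksum is deliberately left at zero, and only Ethernet/IPv4/TCP is handled, so anything else is skipped.

```python
"""Offline packet dissection (added example): build a libpcap capture in memory from
constructed frames, read it back, decode Ethernet/IPv4/TCP, verify the IPv4 header
checksum, then grep payloads ngrep-style and build a NetworkMiner-style host inventory."""
import re
import struct
from typing import Dict, List, Optional, Set, Tuple

PCAP_MAGIC = 0xA1B2C3D4   # libpcap magic number (microsecond timestamps)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

def ip_to_bytes(addr: str) -> bytes: return bytes(int(o) for o in addr.split("."))
def bytes_to_ip(raw: bytes) -> str: return ".".join(str(b) for b in raw)

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src: str, dst: str, sport: int, dport: int,
                payload: bytes, corrupt: bool = False) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame for sample input (not real traffic); only the
    IPv4 header checksum is filled in, the TCP checksum is left at zero."""
    eth = bytes.fromhex("aabbccddeeff112233445566") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                               1, 0, 64, IPPROTO_TCP, 0, ip_to_bytes(src), ip_to_bytes(dst)))
    csum = ipv4_checksum(bytes(ip))
    ip[10:12] = struct.pack("!H", csum ^ 0x00FF if corrupt else csum)  # corrupt: break the sum
    return eth + bytes(ip) + tcp + payload

def build_pcap(frames: List[bytes]) -> bytes:
    """Write frames in libpcap format (the format tcpdump, Wireshark and ngrep write)."""
    out = struct.pack("!IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):   # record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("!IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data: bytes) -> List[bytes]:
    """Parse a libpcap file in either byte order and return the raw frames."""
    magic = struct.unpack("!I", data[:4])[0]
    endian = {PCAP_MAGIC: "!", 0xD4C3B2A1: "<"}.get(magic)
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("not a pcap file, or not an Ethernet capture")
    frames, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        frames.append(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return frames

def dissect(frame: bytes) -> Optional[Dict]:
    """Decode Ethernet -> IPv4 -> TCP; returns None for anything else."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != IPPROTO_TCP or len(ip) < ihl + 20:
        return None
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]        # bounded by the IP total length
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"src": bytes_to_ip(ip[12:16]), "dst": bytes_to_ip(ip[16:20]),
            "sport": sport, "dport": dport, "payload": tcp[(tcp[12] >> 4) * 4:],
            "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0}  # False: damaged or tampered header

def grep_payloads(frames: List[bytes], pattern: str) -> List[Tuple[str, int, str, int, str]]:
    """ngrep-style: (src, sport, dst, dport, matched text) for each payload matching the regex."""
    rx, hits = re.compile(pattern.encode()), []
    for pkt in filter(None, map(dissect, frames)):
        match = rx.search(pkt["payload"])
        if match:
            hits.append((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"],
                         match.group(0).decode("ascii", "replace")))
    return hits

def host_inventory(frames: List[bytes]) -> Dict[str, Set[int]]:
    """NetworkMiner-style passive view: each destination host and the ports it was contacted on."""
    inv: Dict[str, Set[int]] = {}
    for pkt in filter(None, map(dissect, frames)):
        inv.setdefault(pkt["dst"], set()).add(pkt["dport"])
    return inv

def sample_frames() -> List[bytes]:
    """Constructed capture: a cleartext HTTP request, an FTP login and one corrupt frame."""
    return [build_frame("10.0.0.7", "10.0.0.5", 40001, 80,
                        b"GET /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
            build_frame("10.0.0.7", "10.0.0.5", 40002, 21, b"USER alice\r\n"),
            build_frame("10.0.0.8", "10.0.0.9", 40003, 443, b"", corrupt=True)]

if __name__ == "__main__":
    frames = read_pcap(build_pcap(sample_frames()))
    print("hosts and contacted ports:", host_inventory(frames))
    print("cleartext logins:", grep_payloads(frames, r"^(USER|PASS) \S+"))
    print("bad IPv4 checksums:", [i for i, f in enumerate(frames) if not dissect(f)["ip_checksum_ok"]])
```

Two things worth noticing: the regex search runs over the TCP payload only, after the headers have been stripped by hand, which is exactly why a tool like ngrep can only ever show you traffic that is unencrypted on the wire; and the checksum check is the kind of sanity test an analyser applies before trusting a header, since a frame that fails it was either damaged in transit or written by something other than a normal IP stack.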

socat

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Socat?
Socat is a command line utility that creates two bidirectional byte streams and transfers data between them. Since the streams can be constructed from a huge set of different types of data sources and sinks, and because of the many address options that can be applied to these streams, socat can be used for many purposes.

Is Socat Free?
Yes, Socat is free.

Does Socat Work on all Operating Systems?
It works on Linux, Windows and Mac OS X operating systems.

What are the Typical Uses for Socat?
One use of socat is as a Netcat-like tool: it works over a number of protocols and through pipes, device files and sockets, as a SOCKS4 client, via proxy CONNECT, and so on. It offers logging, forking and dumping, different modes for interprocess communication, and many more options. It can also be used to attack weak firewalls or as a TCP port forwarder.
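The "two bidirectional byte streams" idea is easier to see in code than in prose. The following is an added example written for this page, not socat's own code: a minimal TCP relay in Python (the port-forwarder case above) that accepts a client, opens a second connection upstream, and runs one copy loop in each direction, propagating each side's end-of-stream as a half-close so the connection winds down cleanly. A local echo server stands in for the upstream service, and everything binds to ephemeral ports on 127.0.0.1, so it runs offline; the addresses and the helper names are all this example's own.

```python
"""Minimal socat/netcat-style TCP relay (added example, not socat's code): two bidirectional
byte streams joined so whatever arrives on one side is copied to the other, plus a local
echo server and a helper that pushes a message through the relay end to end."""
import socket
import threading
from typing import Callable, Tuple

Addr = Tuple[str, int]


def pump(src: socket.socket, dst: socket.socket) -> int:
    """Copy bytes src -> dst until src reaches EOF; pass the EOF on as a half-close."""
    copied = 0
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
            copied += len(chunk)
    except OSError:
        pass                      # peer reset: treat like EOF
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass
    return copied


def relay(client: socket.socket, upstream: Addr) -> None:
    """Join an accepted client socket with a fresh connection to upstream, one stream each way."""
    server = socket.create_connection(upstream, timeout=5)
    server.settimeout(None)
    threads = [threading.Thread(target=pump, args=(client, server)),
               threading.Thread(target=pump, args=(server, client))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    client.close()
    server.close()


def start_listener(handler: Callable[[socket.socket], None]) -> Tuple[socket.socket, Addr]:
    """Bind an ephemeral 127.0.0.1 port and hand each accepted connection to handler."""
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ls.bind(("127.0.0.1", 0))
    ls.listen(8)

    def accept_loop() -> None:
        while True:
            try:
                conn, _ = ls.accept()
            except OSError:       # listener closed
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return ls, ls.getsockname()


def echo_handler(conn: socket.socket) -> None:
    """Stand-in upstream service: echoes everything back until the client half-closes."""
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            conn.sendall(data)


def roundtrip_through_relay(payload: bytes) -> bytes:
    """Client -> relay -> echo server -> relay -> client; returns what the client got back."""
    echo_ls, echo_addr = start_listener(echo_handler)
    relay_ls, relay_addr = start_listener(lambda conn: relay(conn, echo_addr))
    try:
        with socket.create_connection(relay_addr, timeout=5) as client:
            client.sendall(payload)
            client.shutdown(socket.SHUT_WR)       # our EOF travels through both pumps
            received = b""
            while True:
                chunk = client.recv(4096)
                if not chunk:
                    return received
                received += chunk
    finally:
        echo_ls.close()
        relay_ls.close()


if __name__ == "__main__":
    print(roundtrip_through_relay(b"hello through the relay\n"))
```

Because the relay copies bytes verbatim, the upstream service sees the connection as coming from the relay host rather than from the original client, which is what makes a forwarder like this handy for testing and also why an unexpected listening port on a host is worth a look during an audit.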

HPING

Tool Category: Packet Sniffers & Crafting Tools

FREE

What is Hping?
Hping is a popular packet crafting tool used by penetration testers and IT security auditors. Hping is essentially a command-line oriented TCP/IP packet assembler and analyzer. The tool supports a wide variety of protocols, such as TCP, UDP, ICMP and raw IP. Hping also has a traceroute mode, the ability to send files over a covert channel, and various other features. Hping is a great tool to use when learning about TCP/IP.

Is Hping Free?
Yes, Hping is free.

Does Hping Work on all Operating Systems?
This hacking tool works on Linux, Mac OS X and Windows operating systems.

What are the Typical Uses for Hping?
According to the developers, whilst hping was primarily used as a security tool in the past, it has many other uses, including in-depth port scanning, firewall testing, manual path MTU discovery, testing networks using different protocols, TOS and fragmentation, remote OS fingerprinting, advanced traceroute under all the supported protocols, TCP/IP stack auditing and remote uptime guessing.

This Post Has One Comment

  1. What hacking tools can I use from my Android phone?
