Understanding packets and hopefully what’s inside them is clearly vital to your success as a Cybersecurity Professional. Hopefully, these tools, updated for 2020, will help you with this important piece of the puzzle.
Posted by Henry Dalziel | December 16, 2019 | Questions / Comments 1
- C|EH, Security+, MSc Marketing Management;
- Based in Hong Kong for the last five years;
- Cybersecurity Pro & Growth Hacker
Yes indeed, the brunt of many a joke…
The first time I spoke about Packet Sniffing to my business partner he thought I was being a pervert…
No, alas, packet sniffing is all about being able to detect and in many cases manipulate the packets that are flowing in and out of a network. The tools and software that we are listing on this page we hope will be of use to you in your quest to improve your Cybersecurity skills!
The tools that we list here vary in usage, but what we’ve done is try to list as many genuinely useful packet sniffer tools as we can that we have used in the past.
It’s all about the packets stupid!
The HTTP protocol and, heck, the entire Internet, depends on the TCP/IP and UDP protocols (as well as a bunch of other variations).
Anyone reading this page should be aware of the importance of understanding how protocols work if you are going to try to break the flow or attempt to ‘corrupt’ the transmission of ‘packets’. If you are completely unfamiliar with packet behavior then we strongly suggest that you learn about it.
Being able to spoof and ‘trick’ packets is a major weakness in network security, and if you can master the tools that we’ve listed below then you are in a great spot.
We’ve tried to list the ‘best packet crafting tools’ that we can find (and have used) but, like most things in IT, the landscape is constantly evolving.
Wireshark is an absolute classic and probably the best known network analyzer and password cracking tool. Of course, the password must be sent in a form Wireshark can read, i.e. unencrypted. This tool is a network packet analyzer: it captures network packets for analysis, network troubleshooting, education, and software and communications protocol development, and displays the captured packet data in as much detail as possible.
Formerly named Ethereal, it was renamed to Wireshark in May of 2006 due to trademark issues. Wireshark is a cross-platform tool that now uses the Qt widget toolkit in current releases to implement its user interface. If you know tcpdump, Wireshark is very similar to it but has a graphical front-end and some integrated filtering and sorting options.
Wireshark supports promiscuous mode, which lets the user put a network interface controller into a mode where it sees all traffic visible on that interface, not only the traffic addressed to one of the interface’s configured addresses plus broadcast/multicast traffic. But when capturing in promiscuous mode on a port of a network switch, not all traffic through the switch is sent to the port where the capture is made, so capturing in this mode is not necessarily enough to see all network traffic.
Various network taps, such as port mirroring, extend capture to any point on the network. Simple passive taps are highly resistant to tampering. Wireshark 1.4 and later on GNU/Linux, BSD and OS X, with libpcap 1.0.0 or later, can also put wireless network interface controllers into monitor mode. When a remote machine captures packets and transmits them to a machine running Wireshark using the protocol used by OmniPeek or the TZSP protocol, those packets are dissected by Wireshark, so it can analyze packets captured on a remote machine at the time they are captured.
Wireshark also color codes packets, so users see them highlighted in black, blue and green, which helps identify the type of traffic at a glance. Black marks TCP packets with problems, blue is DNS traffic and green is TCP traffic.
Is Wireshark Free?
Wireshark is an open-source and free packet analyzer. You can go to its website (https://www.wireshark.org/download.html) and download the installer that is compatible with your system.
Does Wireshark Work on all Operating Systems?
Wireshark uses pcap to capture packets and runs on OS X, GNU/Linux, Solaris, Microsoft Windows and other Unix-like operating systems.
What are the Typical Uses for Wireshark?
People use Wireshark to troubleshoot problems with their network, examine security problems, debug protocol implementations and learn more about network protocol internals.
dSniff is a network traffic analysis and password sniffing tool created by Dug Song to parse various application protocols and extract relevant data. dsniff, mailsnarf, filesnarf, msgsnarf, urlsnarf and webspy monitor a network for interesting information like emails, passwords and files, while arpspoof, dnsspoof and macof help in the interception of network traffic that is normally unavailable to the attacker.
Is dSniff Free?
Yes, use of this tool is free.
Does dSniff Work on all Operating Systems?
dSniff works on Linux, Windows and Mac OS X operating systems.
What are the Typical Uses for dSniff?
The use of this tool is to sniff usernames, passwords, email contents and webpages visited. As the name implies, dsniff is a network sniffer, but it can also be used to disrupt the normal behavior of switched networks and capture network traffic from other hosts on the same network. It handles protocols like FTP, Telnet, LDAP, IMAP, NNTP, POP, OSPF, NFS, VRRP, Citrix ICA, Rlogin and many more.
Scapy is a very popular and useful packet crafting tool which works by manipulating packets. Scapy can decode packets from a wide range of protocols. Scapy is able to capture packets, correlate send requests and replies, and more. Scapy can also be used to scan, traceroute, probe or discover networks. Our understanding is that Scapy can be used as a replacement for other tools like nmap, arpspoof, tcpdump, p0f and others.
Is Scapy Free?
Yes, Scapy is free.
Does Scapy Work on all Operating Systems?
Scapy is compatible with Linux, Windows and Mac OS X operating systems.
What are the Typical Uses for Scapy?
Scapy can execute certain attacks that other tools are unable to, for example sending invalid frames, injecting 802.11 frames, and combining techniques (VLAN hopping + ARP cache poisoning, VoIP decoding on a WEP encrypted channel and more). In summary, this is a pretty damn cool tool and framework, and we’d really value your feedback and comments regarding your experience in using Scapy.
Cain and Abel is one of the most popular tools used for password recovery. If you're unsure which tool to use for password cracking then we'd suggest this one to start with. It can recover various kinds of passwords by using methods such as brute-force attacks, cryptanalysis attacks and, one of the most used, the dictionary attack. This tool is maintained by Sean Babcock and Massimiliano Montoro.
Is Cain and Abel Hacking Tool Free?
Yes! It is one of the most used and popular free hacking tools found on the internet.
Does Cain and Abel Hacking Tool Work on all Operating Systems?
Unfortunately, Cain and Abel is only available for Windows Operating Systems (oddly if you ask me...)
What are the Typical Uses for Cain and Abel Hacking Tool?
There are a lot of uses for Cain and Abel, including cracking WEP, cracking LM and NTLM hashes, NTLMv2 hashes, Microsoft Cache hashes, Microsoft Windows PWL files, Cisco IOS MD5 hashes and many more, speeding up packet capture via wireless packet injection, recording VoIP conversations, decoding scrambled passwords, traceroute, hash calculation, dumping Protected Storage passwords, ARP spoofing, a network password sniffer, an LSA secrets dumper and an IP to MAC address resolver.
EtherApe is a graphical network monitor modeled after etherman. It features IP, TCP and link-layer modes that display network activity graphically. Hosts and links change size with traffic, and protocols are displayed color coded. This tool supports hardware and protocols such as FDDI, Ethernet, ISDN, Token Ring, SLIP, PPP and WLAN devices, plus a lot of encapsulation formats. EtherApe can filter the traffic to be shown and can read packets from a file as well as live from the network. Node statistics can also be exported.
Is Etherape Free?
Yes, Etherape is free to use.
Does Etherape Work on all Operating Systems?
Etherape works on Linux and Mac OS X operating systems.
What are the Typical Uses for Etherape?
Etherape is primarily used to track several types of network traffic.
Ettercap is an open source network security tool made for man-in-the-middle attacks on local area networks. This tool is also a classic for ARP poisoning. It works by ARP poisoning the target systems and putting a network interface into promiscuous mode, from which it can unleash several attacks on its victims. It also has plugin support, so its features can be extended by adding new plugins.
Is Ettercap Free?
Ettercap is free and can be downloaded through its website.
Does Ettercap Work on all Operating Systems?
It works on several operating systems including Windows, Mac OS X and Linux.
What are the Typical Uses for Ettercap?
Ettercap is used for content filtering on the fly, sniffing live connections and many more things. It is also used for security auditing and computer network protocol analysis. It has the capability to intercept traffic on a network segment, conduct active eavesdropping against common protocols and also to capture passwords.
inSSIDer is a wireless network scanner that was designed to overcome the limitations of another tool, NetStumbler. inSSIDer can track signal strength over time, find open wireless access points and save logs with GPS records.
Is inSSIDer Free?
This is now a pay to use application.
Does inSSIDer Work on all Operating Systems?
It can be used on both Windows and Apple operating systems.
What are the Typical Uses for inSSIDer?
There are several uses for inSSIDer:
- collect data from the wireless card and software;
- assist with selecting the best wireless channel available;
- render useful Wi-Fi network information such as SSID, MAC, vendor, data rate, signal strength and security;
- show graphs of signal strength over time;
- show which Wi-Fi network channels overlap.
It also offers GPS support, and data can be exported as NetStumbler (.ns1) files.
This is another classic tool which can be used for Packet Sniffing. We've covered this tool a ton - it's worth checking out our Wireless Hacking sub-directory of tools here.
Kismet is also used for packet sniffing and crafting packets to hack into networks and brute force passwords.
NetworkMiner is created by Netresec, a cyber security software vendor that specializes in software for network forensics and analysis of network traffic. Obviously, as a security professional, understanding what is happening on your network is half of the battle.
Is NetworkMiner Free?
NetworkMiner ships in a free and a paid version. We highly recommend starting with the free version before migrating to the supported commercial version if you are happy with this network security tool.
Does NetworkMiner Work on all Operating Systems?
NetworkMiner is a Network Forensic Analysis tool designed for Microsoft Windows.
What are the Typical Uses for NetworkMiner?
NetworkMiner is used as a passive network sniffer or packet capturing tool to detect sessions, hostnames, open ports, operating systems and so on without putting any traffic on the network. It is also used to parse pcap files for offline analysis and can reassemble transmitted files and certificates from pcap files. The NetworkMiner display focuses on hosts and their attributes rather than on raw packets.
This tool, ngrep (short for ‘network grep’), is a command-line network packet analyzer that relies on the pcap library and the GNU regex library. ngrep is similar to tcpdump, but it offers more in that it matches a ‘regular expression’ against the payload of each packet and shows the matching packets on the screen or console. The end result is that the user (typically a penetration tester or network security engineer) will see all unencrypted traffic being passed over the network. You need to put the network interface into promiscuous mode for this to work.
Is Ngrep Free?
Downloading and using ngrep is free.
Does Ngrep Work on all Operating Systems?
It works on operating systems running Linux, Windows and Mac OS X.
What are the Typical Uses for Ngrep?
ngrep is used to capture traffic on the wire, store it as pcap dump files and read files generated by tools like tcpdump or Wireshark.
Socat is a command-line utility that creates two bidirectional byte streams and transfers the data between them. Since the streams can be constructed from a huge set of different types of data sources and sinks, and because of many address options that may be applied to these streams, Socat can be used for various purposes.
Is Socat Free?
Yes, Socat is free.
Does Socat Work on all Operating Systems?
It works on Linux, Windows and Mac OS X operating systems.
What are the Typical Uses for Socat?
One of the uses of Socat is that it works similarly to Netcat in that it functions over a number of protocols and through pipes, device files, sockets, as a SOCKS4 client, proxy CONNECT, etc. It offers logging, forking and dumping, different modes for interprocess communication and a lot more options. It can also be used to attack weak firewalls or even as a TCP port forwarder.
Hping is a popular packet crafting tool used by penetration testers and IT security auditors. Hping is essentially a command-line oriented TCP/IP packet assembler and analyzer. This tool supports a wide variety of protocols such as TCP, UDP, ICMP and raw IP. Hping also has a traceroute mode, the ability to send files over a covert channel, and various other features. Hping is a great tool to use when learning about TCP/IP.
Is Hping Free?
Yes, Hping is free.
Does Hping Work on all Operating Systems?
This hacking tool works on Linux, Mac OS X and Windows operating systems.
What are the Typical Uses for Hping?
According to the developers, whilst hping was primarily used as a security tool in the past, it has many other uses including in-depth port scanning, firewall testing, manual path MTU discovery, testing networks using different protocols, TOS and fragmentation, remote OS fingerprinting, advanced traceroute under all the supported protocols, TCP/IP stack auditing and remote uptime guessing.
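As an added example (not hping's, Scapy's or this post's own code), here is what a "TCP/IP packet assembler" does at the byte level: it lays out IPv4 and TCP headers as raw bytes, fills in the Internet checksum, and then validates them the way a receiving stack or a sniffer's dissector would. Addresses and ports are constructed; nothing is sent on the wire.

```python
"""Added example, not hping's or Scapy's code: what a TCP/IP "packet
assembler" does at the byte level. It builds raw IPv4 and TCP headers with
the Internet checksum (RFC 1071) filled in and checks them the way a
receiving stack or a sniffer's dissector would. Nothing is sent on the wire."""
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"  # ver/IHL, TOS, total len, id, flags/frag, TTL, proto, csum, src, dst


def internet_checksum(data):
    """One's-complement sum of 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=6, ttl=64, ident=0):
    """20-byte IPv4 header; the checksum covers the header only."""
    fields = [0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = internet_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def tcp_pseudo_header(src, dst, tcp_len):
    """Pseudo-header that the TCP checksum covers in addition to the segment."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst), 0, 6, tcp_len)


def build_tcp_header(src, dst, sport, dport, seq=0, flags=0x02, window=65535):
    """20-byte TCP header (flags=0x02 is SYN, i.e. a connection request)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, window, 0, 0)
    csum = internet_checksum(tcp_pseudo_header(src, dst, len(tcp)) + tcp)
    return tcp[:16] + struct.pack("!H", csum) + tcp[18:]


def ipv4_header_valid(raw):
    """Recomputing the checksum over a correct header (checksum included) gives 0."""
    return internet_checksum(raw[:(raw[0] & 0x0F) * 4]) == 0


def tcp_segment_valid(src, dst, tcp):
    return internet_checksum(tcp_pseudo_header(src, dst, len(tcp)) + tcp) == 0


def assemble_packet(src, dst, sport, dport):
    """IPv4 header + TCP SYN header: the bytes a raw-socket tool would hand to the NIC."""
    tcp = build_tcp_header(src, dst, sport, dport)
    return build_ipv4_header(src, dst, len(tcp)) + tcp
```

Flipping a single header byte (the TTL, say) makes `ipv4_header_valid` return False, which is how a stack, or a sniffer showing a "bad checksum" warning, notices a corrupted or hand-crafted invalid packet.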
A packet sniffer, also referred to as a packet, protocol or network analyzer, is typically a piece of hardware or software used to detect and monitor network traffic. Sniffer tools work by examining the streams of data packets that flow within the veins of a network, i.e. between computers on a network. This typically exists within an intranet environment.
When we refer to “packet sniffing” we mean the ability to use “packet sniffing tools” to capture packets of data that are moving through a computer network. The software tools that do this task are referred to as “packet sniffers”.
In packet-switched networks, data is sent and received by being broken into several individual packets, which are reassembled once they all reach their final destination. When a packet sniffer is installed on the network, it is able to intercept the network traffic and capture the raw data packets. A good example of a sniffing tool that can do this is Wireshark.
You’re absolutely allowed to monitor your own computers and network, but you cannot install packet-sniffing tools and software on a network without explicit permission, for obvious reasons. Doing so would, without doubt, label you as a rogue operator and “hacker”.
An effective method of protecting data from packet sniffing tools is to encrypt, or “tunnel”, your connectivity through a virtual private network, or VPN. A VPN encrypts the traffic sent between your computer and the destination. A packet sniffing tool would still see the data, but only as ciphertext, i.e. encrypted.
Packet sniffing tools work at the data link layer of the OSI model, i.e. where MAC addresses live, which is “Layer 2”. IP addresses and packets are Layer 3, whilst MAC addresses are Layer 2. Your installation of Wireshark would therefore be capturing at Layer 2 (should you decide to use that specific packet sniffing tool).
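To make the Layer 2 / Layer 3 point concrete, and to show the kind of pcap-file reading that ngrep, NetworkMiner and Wireshark do, here is an added example (not code from this post or from any of those tools) that parses a classic pcap file in plain Python and separates the Ethernet fields from the IPv4 fields inside each frame. The capture, MAC addresses and IP addresses are constructed inline.

```python
"""Added example, not from the original post: a minimal reader for the classic
libpcap file format that separates the Layer 2 fields a sniffer sees (MAC
addresses, EtherType) from the Layer 3 IPv4 fields inside the frame, plus an
ngrep-style regex search over payloads. The capture is constructed inline."""
import re
import struct

MAGIC_LE, MAGIC_BE = 0xA1B2C3D4, 0xD4C3B2A1   # file magic as read with "<I"
LINKTYPE_ETHERNET, ETHERTYPE_IPV4 = 1, 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def dissect_frame(frame):
    """Layer 2 first (Ethernet II header), then Layer 3 if the frame carries IPv4."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}
    if ethertype == ETHERTYPE_IPV4:
        ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
        src_ip, dst_ip = struct.unpack("!4s4s", frame[26:34])
        info.update(src_ip=".".join(map(str, src_ip)), dst_ip=".".join(map(str, dst_ip)),
                    proto=PROTO_NAMES.get(frame[23], str(frame[23])), payload=frame[14 + ihl:])
    return info


def read_pcap(data):
    """24-byte global header, then per packet a 16-byte record header and the frame."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (MAGIC_LE, MAGIC_BE):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == MAGIC_LE else ">"
    if struct.unpack(end + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link-layer captures are handled here")
    frames, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]   # captured length
        frames.append(dissect_frame(data[off + 16:off + 16 + incl_len]))
        off += 16 + incl_len
    return frames


def grep_payloads(frames, pattern):
    """ngrep-style: (src_ip, dst_ip) of IPv4 packets whose payload matches a bytes regex."""
    rx = re.compile(pattern)
    return [(f["src_ip"], f["dst_ip"]) for f in frames if "payload" in f and rx.search(f["payload"])]


def build_sample_pcap():
    """Constructed sample: one UDP datagram 10.0.0.5:40000 -> 10.0.0.53:53 carrying b"hello"."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 53]))
    frame = bytes.fromhex("001122334455 66778899aabb 0800") + ip + udp
    header = struct.pack("<IHHiIII", MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return header + struct.pack("<IIII", 1, 0, len(frame), len(frame)) + frame
```

Note that the payload handed to `grep_payloads` still starts with the UDP or TCP header; a real ngrep strips the transport header before matching, and an encrypted payload (the VPN case above) would simply never match.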
Wireshark is by far the most popular (free) open-source packet analyzer. The tool is used for network troubleshooting, analysis, and software and communications protocol development. The folks behind this popular tool also offer a bunch of useful certifications.
Packet sniffing tools work by intercepting and logging HTTP/HTTPS traffic that passes over a digital network or part of a network. These tools essentially act like a MITM (Man In The Middle) piece of software. Typically these tools can be tweaked to your specifications.
Packet capture is a networking term for being able to intercept data packet information that is in transit. Once a data packet is captured in real time, it is stored for a period of time so that it can be analyzed further, and then an action can be taken.
Packet editing or packet modification is the art (and science, of course!) of being able to modify data packets that are either in transit or about to be transmitted. There are a bunch of tools that can be used for data modification (‘packet crafting’) such as Scapy, Netdude and Ostinato, all of which allow the “hacker” or Security Professional to modify packets.