From: Fermín J. Serna (fjserna@ngsec.com)
Date: Sun Sep 22 2002 - 12:09:31 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Pen-Testers:
Recently NGSEC has released a command line sniffer for win2k or higher. It
does not require any packet driver or the like. It was developed for
penetration tests once you have access to a cmd.exe shell.
Download it at:
http://www.ngsec.com/ngresearch/ngtools/
Hope it will be useful :P
Here is a sample output:
C:\ngsec\ngsniff>ngsniff 0
ngSniff v1.0 by NGSEC Research Team <labs@ngsec.com>
FREEWARE command line sniffer
Next Generation Security Technologies
http://www.ngsec.com
Sniffing...
IP HEADER 192.168.1.1 -> 192.168.1.254
--------------------------------------
IP->version: 4
IP->ihl: 5
IP->tos: 0
IP->tot_len: 160
IP->id: 12800
IP->frag_off: 0
IP->ttl: 128
IP->protocol: 17
IP->checksum: 52013
UDP HEADER
----------
UDP->sport: 1028
UDP->dport: 1900
UDP->ulen: 140
UDP->checksum: 26754
----- Begin of data dump -----
4d 2d 53 45 41 52 43 48 20 2a 20 48 54 54 50 2f M-SEARCH * HTTP/
31 2e 31 0d 0a 48 4f 53 54 3a 20 32 33 39 2e 32 1.1..HOST: 239.2
35 35 2e 32 35 35 2e 32 35 30 3a 31 39 30 30 0d 55.255.250:1900.
0a 4d 41 4e 3a 20 22 73 73 64 70 3a 64 69 73 63 .MAN: "ssdp:disc
6f 76 65 72 22 0d 0a 4d 58 3a 20 33 0d 0a 53 54 over"..MX: 3..ST
3a 20 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 : urn:schemas-up
6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 np-org:service:W
41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 ANIPConnection:1
0d 0a 0d 0a ....
----- End of data dump -----
^C
C:\ngsec\ngsniff>
Fermín J. Serna
Next Generation Security Technologies
http://www.ngsec.com
NGSecureWeb: Protect your webserver against known & unknown attacks
http://www.ngsec.com/ngproducts/ngsw/index.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6
iD8DBQE9jetCjqrDERN0jroRApMaAJ9HNV2sAPfSeEavOdrvirX5x+kpdgCeO5yQ
5509l0pFA7GjXzHWisILZ5s=
=bN7x
-----END PGP SIGNATURE-----
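An added example, not part of the original post and not NGSEC's code: a decoder that turns a raw IPv4/UDP packet into the field names shown in the sample output, and rejects truncated captures. The sample packet is constructed from the values printed above; it assumes the tool prints each field in network byte order, and the checksums are copied as printed, not verified.

```python
import socket
import struct

class TruncatedPacket(ValueError):
    """Raised when the buffer ends before the header it claims to hold."""

def decode_ipv4_udp(pkt: bytes) -> dict:
    """Decode IPv4 (and UDP, if present) headers into the sample's field names."""
    if len(pkt) < 20:
        raise TruncatedPacket("shorter than a minimal IPv4 header")
    (ver_ihl, tos, tot_len, ident, frag_off, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a well-formed IPv4 header")
    hdr_len = ihl * 4                      # ihl counts 32-bit words
    if len(pkt) < hdr_len:
        raise TruncatedPacket("IP options cut off")
    out = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
           "IP": {"version": version, "ihl": ihl, "tos": tos, "tot_len": tot_len,
                  "id": ident, "frag_off": frag_off, "ttl": ttl,
                  "protocol": proto, "checksum": csum}}
    if proto != 17:                        # 17 = UDP
        return out
    if len(pkt) < hdr_len + 8:
        raise TruncatedPacket("UDP header cut off")
    sport, dport, ulen, ucsum = struct.unpack("!HHHH", pkt[hdr_len:hdr_len + 8])
    if ulen < 8:
        raise ValueError("UDP length smaller than its own header")
    out["UDP"] = {"sport": sport, "dport": dport, "ulen": ulen, "checksum": ucsum}
    # Bound the payload by ulen, not by however many bytes were captured.
    out["data"] = pkt[hdr_len + 8:hdr_len + ulen]
    return out

# Constructed sample: rebuilt from the values printed in the sample output.
PAYLOAD = (b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
           b'MAN: "ssdp:discover"\r\nMX: 3\r\n'
           b'ST: urn:schemas-upnp-org:service:WANIPConnection:1\r\n\r\n')
SAMPLE = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 160, 12800, 0, 128, 17, 52013,
                      socket.inet_aton("192.168.1.1"),
                      socket.inet_aton("192.168.1.254"))
          + struct.pack("!HHHH", 1028, 1900, 140, 26754) + PAYLOAD)

if __name__ == "__main__":
    pkt = decode_ipv4_udp(SAMPLE)
    print("IP HEADER", pkt["src"], "->", pkt["dst"])
    for layer in ("IP", "UDP"):
        for name, value in pkt[layer].items():
            print(f"{layer}->{name}: {value}")
```

The lengths in the sample are self-consistent: the 132-byte data dump plus the 8-byte UDP header gives ulen 140, and adding the 20-byte IP header gives tot_len 160.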