Packet Sniffer/Analyzer
  • also known as a network analyzer, protocol analyzer, or packet sniffer—or, for particular types of networks, an Ethernet sniffer or wireless sniffer
  • is a computer program or piece of computer hardware that can intercept and log traffic that passes over a network

Packet Sniffer/Analyzer - Software

Wireshark (formerly Ethereal)

  • powerful GUI sniffer/analyzer with dissectors for a very large number of protocols
  • two kinds of filters: capture filters (BPF/tcpdump syntax, applied while capturing) and display filters (Wireshark's own syntax, applied to already captured packets)

tshark

  • command-line version of Wireshark (same dissectors and display filters, text output)

dumpcap

  • part of the Wireshark distribution
  • can only capture traffic (no decoding); Wireshark and tshark run it as a separate process to do the actual capture, so it is the only component that needs capture privileges

Ettercap

  • sniffer for switched LANs: uses ARP poisoning to place itself in the middle so it can see traffic a switch would otherwise not deliver to it
  • in addition to sniffing it can modify and inject traffic (man-in-the-middle filters)

tcpdump

  • captures and prints packets seen on a network interface (in promiscuous mode, everything the interface sees, not just the local host's own traffic)
  • limited protocol decoding compared to Wireshark, but available on most *NIX platforms
  • its capture filter (BPF) syntax is the same one wireshark/tshark/dumpcap accept as a capture filter

ngrep

  • "network grep": matches regular expressions against packet payloads (captured via libpcap), with tcpdump-style capture filters to narrow the traffic

libpcap/WinPcap/libnet

  • libpcap (Unix) and WinPcap (Windows; since superseded by Npcap) are the capture libraries: BPF capture filters and the pcap savefile format come from here
  • libnet is the companion library for constructing and injecting raw packets
  • wireshark/tshark/dumpcap, tcpdump, ngrep and dsniff all sniff through libpcap (WinPcap/Npcap on Windows)
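The decoding step that all of the tools above perform on top of libpcap is easy to see on a small scale. The following is an added example, not code from any of the listed projects: it parses the libpcap savefile format (the global header, then per-record headers), decodes Ethernet/IPv4/TCP/UDP, verifies the IPv4 header checksum, and applies a predicate in the spirit of the capture filter "tcp port 80 and host 10.0.0.5". The three-record capture it reads is constructed inline (the addresses, ports and payloads are made-up sample data), so it runs offline; the link-layer and checksum handling would need extending for non-Ethernet captures and IPv6.

```python
"""Minimal pcap reader + Ethernet/IPv4/TCP/UDP decoder with a tcpdump-style predicate.
Added example, not part of libpcap/Wireshark/tcpdump; sample capture constructed inline."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # value of the magic field when read in the file's own byte order
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1  # what the same bytes look like when our guess at the order is wrong
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ipv4_checksum(hdr):
    """RFC 1071 ones-complement sum over a header of 16-bit words (0 means a valid header)."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def read_pcap(data):
    """Yield (ts_sec, ts_usec, frame) for every record of a classic pcap savefile."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    end = "<" if magic == PCAP_MAGIC else ">" if magic == PCAP_MAGIC_SWAPPED else None
    if end is None:
        raise ValueError("not a pcap savefile (unknown magic)")
    _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("corrupt or truncated record")  # never trust incl_len blindly
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def decode_frame(frame):
    """Decode one Ethernet frame into a dict; layers it does not understand stay undecoded."""
    if len(frame) < 14:
        return {"error": "truncated ethernet header"}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt = {"eth_dst": _mac(dst), "eth_src": _mac(src), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return pkt
    ip = frame[14:]
    if len(ip) < 20:
        pkt["error"] = "truncated ipv4 header"
        return pkt
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        pkt["error"] = "bad ipv4 header"
        return pkt
    pkt.update(ip_src=socket.inet_ntoa(s), ip_dst=socket.inet_ntoa(d), ttl=ttl, proto=proto,
               ip_checksum_ok=_ipv4_checksum(ip[:ihl]) == 0)
    l4 = ip[ihl:total_len]  # slicing caps at the captured length, so a lying total_len cannot overread
    if proto == PROTO_TCP and len(l4) >= 20:
        sport, dport, seq, _ack, off_flags, _win, _c, _u = struct.unpack("!HHIIHHHH", l4[:20])
        doff = (off_flags >> 12) * 4
        pkt.update(sport=sport, dport=dport, seq=seq, tcp_flags=off_flags & 0x1FF, payload=l4[doff:])
    elif proto == PROTO_UDP and len(l4) >= 8:
        sport, dport, ulen, _c = struct.unpack("!HHHH", l4[:8])
        pkt.update(sport=sport, dport=dport, payload=l4[8:ulen])
    return pkt


def matches(pkt, proto=None, port=None, host=None):
    """Predicate equivalent to the capture filter '<proto> port <port> and host <host>' (all optional)."""
    if proto is not None and pkt.get("proto") != {"tcp": PROTO_TCP, "udp": PROTO_UDP}[proto]:
        return False
    if port is not None and port not in (pkt.get("sport"), pkt.get("dport")):
        return False
    if host is not None and host not in (pkt.get("ip_src"), pkt.get("ip_dst")):
        return False
    return True


def sniff_and_filter(data, **pred):
    """Decode every record and keep those matching the predicate, as tcpdump/tshark would."""
    return [p for _ts, _us, f in read_pcap(data) if matches(p := decode_frame(f), **pred)]


def build_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Constructed sample frame (Ethernet/IPv4/TCP or UDP); L4 checksums are left zero on purpose."""
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), ETHERTYPE_IPV4)
    if proto == PROTO_TCP:   # data offset 5 words, flags PSH|ACK
        l4 = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, 0x5018, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", _ipv4_checksum(hdr)) + hdr[12:]
    return eth + hdr + l4


def sample_pcap():
    """A constructed three-record capture: an HTTP request, a DNS query and an SSH banner."""
    frames = [
        build_frame("10.0.0.5", "93.184.216.34", PROTO_TCP, 49152, 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        build_frame("10.0.0.5", "10.0.0.1", PROTO_UDP, 53000, 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
        build_frame("10.0.0.9", "10.0.0.5", PROTO_TCP, 22, 50000, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for p in sniff_and_filter(sample_pcap(), proto="tcp", port=80):
        print(p["ip_src"], p["sport"], "->", p["ip_dst"], p["dport"], p["payload"][:16])
```

Replacing sample_pcap() with the bytes of a file written by dumpcap or tcpdump -w (classic .pcap, Ethernet link type) gives the same decoding; the length checks on every layer are what keep a malformed or truncated capture from turning into an exception or an out-of-bounds read, which is the same class of parsing bug that has repeatedly affected real dissectors.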

libnids

  • IP defragmentation and TCP stream reassembly library (emulates the Linux kernel's IP stack) for building NIDS-style tools that need whole streams rather than single packets

dsniff

  • suite for sniffing credentials and other cleartext data off the wire, plus man-in-the-middle helpers (arpspoof, dnsspoof, macof, sshmitm, webmitm)

hunt

  • TCP connection hijacking tool (watches and takes over established sessions on the LAN)

nmap

  • port scanning and host discovery tool; not a sniffer, it actively sends probes rather than passively listening