passer - Passive service locator, a python sniffer that identifies servers, clients, names and much more

  •        4

Quick notes for getting going with passer, the passive service sniffer. You're responsible for getting permission to sniff. If you're using windows or your paths to the support files don't match mine for some other reason, let me know where they are and I'll be glad to update the script.

https://github.com/activecm/passer

Tags
Implementation
License
Platform

   




Related Projects

scapy - Scapy: the Python-based interactive packet manipulation program & library

  •    Python

Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.

netsniff-ng - The packet sniffing beast

  •    C

netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.

skydive - An open source real-time network topology and protocols analyzer

  •    Go

Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology informations and flows and forward them to a central agent for further analysis. All the informations are stored in an Elasticsearch database.

netgraph - A cross platform http sniffer with a web UI

  •    Go

Netgraph is a packet sniffer tool that captures all HTTP requests/responses, and display them in web page. You can run Netgraph in your linux server without desktop environment installed, and monitor http requests/responses in your laptop's browser.

Packet Peeper

  •    Objective-C

Packet Peeper is a network protocol analyzer (or 'packet sniffer') for Mac OS X. Its features include TCP stream reassembly, privilege separation, simultaneous capture sessions, filters, Python plugins and support for pcap capture files.


Moloch - Large scale, full packet capturing, indexing, and database system

  •    Javascript

Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting.

TCPDump - Network Packet Analyzer

  •    C

TCPDump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture. It prints out a description of the contents of packets on a network interface that match the boolean expression. The Packet Capture library provides a high level interface to packet capture systems. All packets on the network, even those destined for other hosts, are accessible through this mechanism.

homer - HOMER - 100% Open-Source SIP / VoIP Packet Capture & Monitoring

  •    Shell

HOMER is a robust, carrier-grade, scalable SIP Capture system and VoiP Monitoring Application offering HEP/EEP, IP Proto4 (IPIP) encapsulation & port mirroring/monitoring support right out of the box, ready to process & store insane amounts of signaling, logs and statistics with instant search, end-to-end analysis and drill-down capabilities for ITSPs, VoIP Providers and Trunk Suppliers using SIP signaling protocol. Powered at the core by SIPCAPTURE Module for industry-standard Kamailio or OpenSIPS, HOMER provides virtually unlimited scope for granular capture configuration either stand-alone or using our companion Capture Agent Project.

wireshark - Read-only mirror of Wireshark's Git repository

  •    C

Wireshark is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems. It uses Qt, a graphical user interface library, and libpcap, a packet capture and filtering library. The Wireshark distribution also comes with TShark, which is a line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the same dissection, capture-file reading and writing, and packet filtering code as Wireshark, and with editcap, which is a program to read capture files and write the packets from that capture file, possibly in a different capture file format, and with some packets possibly removed from the capture.

NetworkMiner packet analyzer

  •    CSharp

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file. NetworkMiner can also extract transmitted files from network traffic. A professional edition of NetworkMiner is available for purchase from NETRESEC at http://www.netresec.com/?page=NetworkMiner

AirTraf - 802.11b network analyzer

  •    Java

AirTraf is a 100% passive network sniffer/analyzer that auto-detects wireless access points, determines wireless nodes associated with the given access points operating at its channels, tracks packet count/byte information of different types of 802.11b as

Bro - Network Security Monitor

  •    C++

Bro is a powerful network analysis framework that is much different from the typical intrusion detection system you may know. Bro provides a comprehensive platform for more general network traffic analysis as well.

tcpreplay - Pcap editing and replay tools for *NIX and Windows - Users please download source from

  •    C

Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 packets and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS's. Tcpreplay supports both single and dual NIC modes for testing both sniffing and in-line devices.Tcpreplay is used by numerous firewall, IDS, IPS, NetFlow and other networking vendors, enterprises, universities, labs and open source projects. If your organization uses Tcpreplay, please let us know who you are and what you use it for so that I can continue to add features which are useful.

AiEngine - Packet Inspection Engine

  •    C++

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. AIEngine helps network/security profesionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on or use them on the engine automatically.

Divert - Windows Packet Divert

  •    C

Windows Packet Divert (WinDivert) is a user-mode packet interception library for Windows 7, Windows 8 and Windows 10. WinDivert enables user-mode capturing/modifying/dropping of network packets sent to/from the Windows network stack. In summary, WinDivert can Capture network packets, Filter/drop network packets, Sniff network packets, (re)inject network packets, modify network packets. It can be used to implement user-mode packet filters, sniffers, firewalls, NATs, VPNs, IDSs, tunneling applications, etc.

joy - A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring

  •    C

Joy is a BSD-licensed libpcap-based software package for extracting data features from live network traffic or packet capture (pcap) files, using a flow-oriented model similar to that of IPFIX or Netflow, and then representing these data features in JSON. It also contains analysis tools that can be applied to these data files. Joy can be used to explore data at scale, especially security and threat-relevant data. JSON is used in order to make the output easily consumable by data analysis tools. While the JSON output files are somewhat verbose, they are reasonably small, and they respond well to compression.

mysql-sniffer - mysql-sniffer is a network traffic analyzer tool for mysql, it is developed by Qihoo DBA and infrastructure team

  •    C

MySQL Sniffer is a network traffic analyzer tool for MySQL, it is developed by Qihoo DBA and infrastructure team. This commandline tool captures and analyzes packets destined for a MySQL server or Client, and outputs them in a standard log format including access time, users, IP, database, query_time, rows number and query.

pasmal (packet auth. sniffer - mal)

  •    C

Packet Auth. Sniffer (or Sequence) Allows you to set on your server this little daemon (pasmal) monitoring tcp/ip amp; icmp, and on the exact good sequence (the one you only know) run processes (a firewall) - such as access list update, iptables,ipchains.