Computer security "agents" must master the same tools used by the hackers they seek, and many of these programs are available to download for free. The man-in-the middle attack, (also known as the monkey-in-the middle) is a useful method of scanning network data and extracting what is known as interesting data, (passwords, e-mail, data files). Listed below you will find 10 programs used to assault and defend networks around the world.
-
Ethereal is the most widely used network protocol analyzer in the world. Ethereal is a multi-platform sniffer that captures data packets on a wired LAN or a Wireless network. Ethereal can capture up to 683 protocols.
-
DSniff is a suite of programs that can be used in auditing and penetration testing. (Wired network or wireless.) dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy monitors networks for interesting data (e-mail, files, and passwords). Arpspoof, dnsspoof, and macof intercepts network traffic. All of these tools facilitate the man-in-the middle attack against networks. (Also known as monkey-in-the middle)
-
Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.
-
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
-
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
-
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. 802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws.
-
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.
-
EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.
-
Netcat: The network swiss army knife A simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
-
PsTools is a set of command line utilities that allow you to manage local and remote systems. PsExec - execute processes remotely PsFile - shows files opened remotely PsGetSid - display the SID of a computer or a user PsKill - kill processes by name or process ID PsInfo - list information about a system PsList - list detailed information about processes PsLoggedOn - see who's logged on locally and via resource sharing (full source is included) PsLogList - dump event log records PsPasswd - changes account passwords PsService - view and control services PsShutdown - shuts down and optionally reboots a computer PsSuspend - suspends processes PsUptime - shows you how long a system has been running since its last reboot (PsUptime's functionality has been incorporated into PsInfo)