Posts tagged: Packets

Aug 28 2009

TrafScrambler – Anti-Sniffer

Trafscrambler is an anti-sniffer/IDS LKM (Network Kernel Extension) for OS X, licensed under BSD.

Features:

  • Injection of packets with bogus data and with a randomly selected bad TCP checksum or bad TCP sequence number
  • Userland binary (tsctrl) for controlling the trafscrambler NKE
  • SYN decoy – sends out a number of SYN packets before the original SYN packet
  • TCP reset attack – sends out an RST/FIN packet with a bad sequence number
  • Pre-connection SYN – sends out a SYN with a wrong TCP checksum
  • Post-connection SYN – sends out a fake SYN after connection establishment
  • Zero Window – sends out a packet with the window set to “0”

Latest Release: trafscrambler-0.2.tgz

Read More: TrafScrambler

Oct 27 2008

Yahoo Messenger Packet Sniffer

Yahoochecker is a small application that sniffs the Yahoo Messenger packets on your network, so you may be able to see all the messages coming to a particular IP address on your network.

Key: 4BE6183BB5841628

Download :
http://rapidshare.com/files/124893177/yahoochecker.exe.html

Oct 22 2008

Wireshark 1.0.4 Released (Ethereal)

The most popular packet sniffer, and my favorite.
Wireshark 1.0.4 (Ethereal) has now been released to address multiple security issues, along with several powerful features.
Installers for Windows and Mac OS X Intel 10.5, as well as the source code, are now available.

Impact :
It may be possible to make Wireshark crash by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

In This Release :
Security-related bugs in the Bluetooth ACL, Bluetooth RFCOMM, PRP, Q.931, MATE, and USB dissectors, as well as the Tamos CommView file parser, have been fixed. See the advisory for details.

Many other bugs have been fixed.

This release includes an experimental package for Mac OS X Intel 10.5. For a complete list of changes, please refer to the 1.0.4 release notes.
Official releases are available right now from the download page.

Resolution :
Upgrade to Wireshark 1.0.4 or later. Due to the nature of the bugs, there is no workaround for previous versions.

Download :
http://www.wireshark.org/download.html

Advisory :
http://www.wireshark.org/security/wnpa-sec-2008-06.html

More Info :
http://www.wireshark.org/news/20081020.html

Oct 17 2008

Nemesis Packet Injection Utility

Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis is developed and maintained by Jeff Nathan.

Nemesis can natively craft and inject packets for :
* ARP
* DNS
* ETHERNET
* ICMP
* IGMP
* IP
* OSPF
* RIP
* TCP
* UDP

Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.

Latest Release : Nemesis 1.4beta3

Download :
http://packetfactory.net/projects/nemesis/
http://nemesis.sourceforge.net/