| Line 1: |
Line 1: |
| − | =Network Forensics Packages and Appliances=
| + | '''vnconfig''' [[OpenBSD]] vnode disks for file swapping or pseudo file system configuration tool. Supports encrypting the data using the Blowfish cipher before it is written to disk when the -K flag is specified. Use -s to specify a saltfile. |
| − | ; [[E-Detective]]
| + | |
| − | : http://www.edecision4u.com/
| + | |
| − | : http://www.digi-forensics.com/home.html
| + | |
| | | | |
| − | ; [[Burst]]
| + | == External Links == |
| − | : http://www.burstmedia.com/release/advertisers/geo_faq.htm
| + | |
| − | : Expensive IP geo-location service.
| + | |
| | | | |
| − | ; [[chkrootkit]]
| + | * [http://www.openbsd.org/ OpenBSD Official website] |
| − | : http://www.chkrootkit.org
| + | * [http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8: OpenBSD Manpages: vnconfig(8)] |
| | | | |
| − | ; [[cryptcat]]
| + | [[Category:Encryption]] |
| − | : http://farm9.org/Cryptcat/ | + | |
| − | | + | |
| − | ; [[Enterasys Dragon]]
| + | |
| − | : http://www.enterasys.com/products/advanced-security-apps/index.aspx
| + | |
| − | : Instrusion Detection System, includes session reconstruction.
| + | |
| − | | + | |
| − | ; [[MaxMind]]
| + | |
| − | : http://www.maxmind.com
| + | |
| − | : [[IP geolocation]] services and data provider for offline geotagging. Free GeoLite country database. Programmable APIs.
| + | |
| − | | + | |
| − | ; [[netcat]]
| + | |
| − | : http://netcat.sourceforge.net/
| + | |
| − | | + | |
| − | ; [[netflow]]/[[flowtools]]
| + | |
| − | : http://www.cisco.com/warp/public/732/Tech/nmp/netflow/index.shtml
| + | |
| − | : http://www.splintered.net/sw/flow-tools/
| + | |
| − | : http://silktools.sourceforge.net/
| + | |
| − | : http://www.vmware.com/vmtn/appliances/directory/293 Netflow Appliance (VMWare)
| + | |
| − | | + | |
| − | ; NetIntercept
| + | |
| − | : http://www.sandstorm.net/products/netintercept
| + | |
| − | : NetIntercept captures whole packets and reassembles up to 999,999 TCP connections at once, reconstructing files that were sent over your network and creating a database of its findings. It recognizes over 100 types of network protocols and file types, including web traffic, multimedia, email, and IM.
| + | |
| − | | + | |
| − | ; [[NetworkMiner]]
| + | |
| − | : http://networkminer.wiki.sourceforge.net/NetworkMiner
| + | |
| − | : NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network [[sniffer]]/packet capturing tool or to parse PCAP files for off-line analysis.
| + | |
| − | | + | |
| − | ; [[rkhunter]]
| + | |
| − | : http://rkhunter.sourceforge.net/
| + | |
| − | | + | |
| − | ; [[ngrep]]
| + | |
| − | : http://ngrep.sourceforge.net/
| + | |
| − | | + | |
| − | ; [[nslookup]]
| + | |
| − | : http://en.wikipedia.org/wiki/Nslookup
| + | |
| − | : Name Server Lookup command line tool used to find IP address from domain name.
| + | |
| − | | + | |
| − | ; [[Sguil]]
| + | |
| − | : http://sguil.sourceforge.net/
| + | |
| − | | + | |
| − | ; [[Snort]]
| + | |
| − | : http://www.snort.org/
| + | |
| − | | + | |
| − | ; [[ssldump]]
| + | |
| − | : http://ssldump.sourceforge.net/
| + | |
| − | | + | |
| − | ; [[tcpdump]]
| + | |
| − | : http://www.tcpdump.org
| + | |
| − | | + | |
| − | ; [[tcpxtract]]
| + | |
| − | : http://tcpxtract.sourceforge.net/
| + | |
| − | | + | |
| − | ; [[tcpflow]]
| + | |
| − | : http://www.circlemud.org/~jelson/software/tcpflow/
| + | |
| − | | + | |
| − | ; [[truewitness]]
| + | |
| − | : http://www.nature-soft.com/forensic.html
| + | |
| − | : Linux/open-source. Based in India.
| + | |
| − | | + | |
| − | ; [[etherpeek]]
| + | |
| − | : http://www.wildpackets.com/products/etherpeek/overview
| + | |
| − | | + | |
| − | ; [[Whois]]
| + | |
| − | : http://en.wikipedia.org/wiki/WHOIS Web service and command line tool to look up registry information for internet domain.
| + | |
| − | : http://www.arin.net/registration/agreements/bulkwhois.pdf Bulk WHOIS data request from ARIN
| + | |
| − | | + | |
| − | ; [[IP Regional Registries]]
| + | |
| − | : http://www.arin.net/community/rirs.html
| + | |
| − | : http://www.arin.net/index.shtml American Registry for Internet Numbers (ARIN)
| + | |
| − | : http://www.afrinic.net/ African Network Information Center (AfriNIC)
| + | |
| − | : http://www.apnic.net/ Asia Pacific Network Information Centre (APNIC)
| + | |
| − | : http://www.lacnic.net/en/ Latin American and Caribbean IP Address Regional Registry (LACNIC)
| + | |
| − | : http://www.ripe.net/ RIPE Network Coordination Centre (RIPE NCC)
| + | |
| − | | + | |
| − | ; [[Wireshark]] / Ethereal
| + | |
| − | : http://www.wireshark.org/
| + | |
| − | : Open Source protocol analyzer previously known as ethereal.
| + | |
| − | | + | |
| − | ; [[Kismet]]
| + | |
| − | : http://www.kismetwireless.net/
| + | |
| − | : Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
| + | |
| − | | + | |
| − | ; [[Xplico]]
| + | |
| − | : http://www.xplico.org/
| + | |
| − | : Open Source Network Forensic Analysis Tool (NFAT). Protocols supported: [http://www.xplico.org/status.html HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...]
| + | |
| − | | + | |
| − | =Command-line tools=
| + | |
| − | | + | |
| − | [[arp]] - view the contents of your ARP cache
| + | |
| − | | + | |
| − | [[ifconfig]] - view your mac and IP address
| + | |
| − | | + | |
| − | [[ping]] - send packets to probe remote machines
| + | |
| − | | + | |
| − | [[tcpdump]] - capture packets
| + | |
| − | | + | |
| − | [[snoop]] - captures packets from the network and displays their contents ([[Solaris]])
| + | |
| − | | + | |
| − | [[nemesis]] - create arbitrary packets
| + | |
| − | | + | |
| − | [[tcpreplay]] - replay captured packets
| + | |
| − | | + | |
| − | [[traceroute]] - view a network path
| + | |
| − | | + | |
| − | [[gnetcast]] - GNU rewrite of netcat
| + | |
| − | | + | |
| − | [[packit]] - packet generator
| + | |
| − | | + | |
| − | [[nmap]] - utility for network exploration and security auditing
| + | |
| − | | + | |
| − | ==ARP and Ethernet MAC Tools==
| + | |
| − | | + | |
| − | [[arping]] - transmit ARP traffic
| + | |
| − | | + | |
| − | [[arpdig]] - probe LAN for MAC addresses
| + | |
| − | | + | |
| − | [[arpwatch]] - watch ARP changes
| + | |
| − | | + | |
| − | [[arp-sk]] - perform denial of service attacks
| + | |
| − | | + | |
| − | [[macof]] - CAM table attacks
| + | |
| − | | + | |
| − | [[ettercap]] - performs various low-level Ethernet network attacks
| + | |
| − | | + | |
| − | ==CISCO Discovery Protocol Tools==
| + | |
| − | [[cdpd]] - transmit and receive CDP announcements; provides forgery capabilities
| + | |
| − | | + | |
| − | ==ICMP Layer Tests and Attacks==
| + | |
| − | [[icmp-reset]]
| + | |
| − | | + | |
| − | [[icmp-quench]]
| + | |
| − | | + | |
| − | [[icmp-mtu]]
| + | |
| − | | + | |
| − | [[ish]] - ICMP shell (like SSH, but uses ICMP)
| + | |
| − | | + | |
| − | [[isnprober]]
| + | |
| − | | + | |
| − | ==IP Layer Tests==
| + | |
| − | [[iperf]] - IP multicast test
| + | |
| − | | + | |
| − | [[fragtest]] - IP fragment reassembly test
| + | |
| − | | + | |
| − | ==UDP Layer Tests==
| + | |
| − | | + | |
| − | [[udpcast]] - includes UDP-receiver and UDP-sender
| + | |
| − | | + | |
| − | ==TCP Layer==
| + | |
| − | | + | |
| − | [[lft]] http://pwhois.org/lft - TCP tracing
| + | |
| − | | + | |
| − | [[etrace]] http://www.bindshell.net/tools/etrace
| + | |
| − | | + | |
| − | [[firewalk]] http://www.packetfactory.net
| + | |