TechSpot - PC Technology News and Analysis

IP Sniffer is a suite of IP Tools built around a packet sniffer.

The packet sniffer can work on all Windows versions using either :

* the new raw socket implementation of Windows2000 (driverless),
* WinPcap (needs to be installed),
* a NDIS protocol (needs to be installed , no reboot).

The sniffer has basic features like filter, decode, replay, parse…

The IP tools are :

- Bandwidth monitor. view
- Adapter statistics (IP & NDIS). view
- Wireless Stumbler.
- List and manage ARP entries, resolve IP to MAC, resolve MAC to IP, send a WAKEUP call. view
- List and manage routes, enable & disable host as a router. view
- List and manage open ports and attached processes. view view
- Edit network config.
- Hook winsock (winsock32.dll & ws2_32.dll).
- Spoof ARP (and do ARP cache poisoning), spoof TCP, spoof UDP, spoof ICMP, spoof DHCP Release.
- Change MAC address, discover remote mac addresses. view
- SNMP Get & Set, List interfaces, Switch port mapper, Media Attachment Unit table.
- WINS Query.
- DNS (advanced) Query, DNS Server, Local resolver.
- DHCP Server (with PXE support), DHCP Discover.
- Whois Query.
- SMTP client.
- TCP tools (TCP ping, TCP half scan, Time-Daytime client/server).
- UDP tools (MSSQL Ping, SNMP ping, SSDP scan, Syslog client/server, Time-Daytime client/server, tftp server).
- ICMP tools.
- TCP/UDP bounce port.
- MS Networks :

Enum servers by type, Spoof net send, Shutdown remote windows, Display remote windows properties, Display remote netbios names, Enum Terminal Services processes and sessions, Enum remote print ports, Enum remote drivers, Enum remote AT jobs, Enum remote scheduled tasks.
- Password tools :

Edit protected storage (IE, Outlook Express, …) , Decrypt Dialup Passwords , Dump XP Credentials ( MSN, network shares, …) & decrypt passwords , Decode IE history, Reveal asterisks / hidden passwords, decode RDP, Decode MSAccess passwords, enum WEP keys.

- List and manage local & remote processes.
- Tiny firewall (using Windows API).
- Get internet IP.

What's New:

1.97
added : savetodb/loadfromdb function in bookmark window (tested with mssql oledb, mysql odbc, excel odbc (dont forget the []))
added : database objects browser
fixed : bugs in rrdtools gui
fixed : support of double values in perfmon
added : can graph an oid value in snmpget
added : block url's based on keywords in http proxy (todo : filter meta keywords)
added : can filter while loading a capture file
fixed : filter for ndis5pkt engine
fixed : capture_mode=raw by default
added : toolbarview & stayontop stored in config.ini
added : debug option in config.ini (hookwindows, hookGetProcAddress, hookmem)
modified : update to latest madexcept version 3.0h
added : arp watch
added : stp decoder
added : dot1stpporttable & stp datas
added : delete arp entry in snmp arp table
added : flood option in arp spoof
todo : mitm (handle router & victim redirection) , ipconflict (reply with ipsrc=victim & macsrc=other) attacks
added : WTSWaitSystemEvent / WTSShutdownSystem / WinStationServerPing / WTSQueryUserToken (must run as localsystem)
modified : raw_sniffer is created only on start action
fixed : print spooler is stopped/started including dependencies
added : geo locating using api.hostip.info and googlemaps
todo : check TcpTimedWaitDelay
added : rpcap support main window