Networking Software



Networking Software   Sam Spade


Sam Spade is a comprehensive network investigation tool named after the private eye played by Humphrey Bogart in the movie The Maltese Falson. It comes as both an online version and a downloadable version that can be installed on a personal workstation. The Sam Spade tool acts as a sleuth that finds as much public information about an IP address or DNS address. Suppose that your firewall logs show that someone tried to scan your network for open ports and the log lists the potential intruder's IP address. This is where Sam Spade comes in handy.

Sam Spade provides the functionality to find more information about the IP address such as:

  • Who the IP address is registered to
  • The route between your computer and the computer at the remote IP address
  • Search for registration records for this IP address to find out the Internet Service Provider (ISP) who owns the IP address
  • Contact information for the ISP

As you use Sam Spade, keep in mind that the above is only a small portion of what the tool can provide in tracking down information. The software is not very intuitive and may take awhile to get used to.

  SamSpade.org
  SamSpade.org Download Sites
  SamSpade.org Tools

   
Networking Software   SuperScan


By far, SuperScan is one of the easiest port scanners to use, and best of all, it's free. Hackers use port scanners to probe systems for TCP ports on which there is a reply. After on open TCP port has been successfully located, the hacker can try to break into the computer using this port. Just as a hacker would use tools of this nature, SuperScan can be used by network administrators to secure their network. Network administrators often use port scanners to check for open ports that may signal vulnerabilities.

A very common use of port scanners, like SuperScan, it to test your firewall by running the port scanner against it. Ensure that your firewall is only replying on ports that you have set up for authorized connections from the Internet into your network. SuperScan can be configured to check any range of ports, and you can even tell it to scan an entire range of IP addresses, making it possible to check your entire network at once.

Note: Ensure that you only run a port scanner against computers where the owner has given you permission to do so. Running tools like this against computers may result in you getting reported to your ISP who may cancel your account. It is also a good idea to contact your ISP and let them know you will be running port scanning software and that you have already recieved permission from the owner. ISP often monitor thier systems to track accounts that are running port scanning software.

  Foundstone
  Foundstone - Free Tools

   
Networking Software   SuperScanFScan


Just like SuperScan, FScan is another port scanner and was written by Foundstone. It is command-line utility and is not as user-frienfly as SuperScan but does provide several other nice advantages. One nice feature is the ability to redirect the results of a scan to a text file for further processing. Another, and probably the most significant, is that it can perform scans for open UDP ports in addition to TCP ports. Kind in mind though that UDP port scans are not very reliable. A properly secured network, for example, shows no difference between open and closed UDP ports, but if a computer is not configured to be secure, you may be able to find open UDP ports, and in some cases you can use a UDP port scan to find vulnerabilities.

Note: Ensure that you only run a port scanner against computers where the owner has given you permission to do so. Running tools like this against computers may result in you getting reported to your ISP who may cancel your account. It is also a good idea to contact your ISP and let them know you will be running port scanning software and that you have already recieved permission from the owner. ISP often monitor thier systems to track accounts that are running port scanning software.

  Foundstone
  Foundstone - Free Tools

   
Networking Software   Netstat


Netstat is a TCP/IP utility that is included with almost all versions of Windows and UNIX. It is the quickest way to discover what TCP and UDP ports are in use on a given computer. Since netstat is included with most modern operating systems, there is no need to download anything to start using this utility. Network administrators can use netstat to generate a list of ports in use, then check to see whether all of them should indeed be in use. The output from netstat can also be used to determine if certain programs are being used and that might present a vulnerability. In addition, you can use netstat to list all current connections that your computer has established to other computers, as well as what incoming connections exist. You get results about both open connections and listening ports by using the -a option, as in netstat -a. Because netstat is most likely included with your operating system, you can use it directly from a command line.

Note: If you find that the netstat command takes too long to complete, this is because it tries to resolve all IP addresses to DNS names. To speed up the operation, use the - n option, as in netstat -n, which instrucuts netstat to skip the time-consuming name lookups and just how IP addresses.

  Foundstone
  Foundstone - Free Tools

   
Networking Software   TCPView


TCPView is a program that gives you similar information to the netstat command. Unlike netstat, it presents this information in a much more usable format and is often more accurate.

  TCPView
  TCPView Professional

   
Networking Software   TDIMon


TDIMon gives you detailed information on programs on your computer that are accessing the network using TCP/IP. TDIMon can show you in real time what programs are using the network and what port each program has opened. This can be very helpful when you need to have exact information about how a given program is accessing the network.

  TDIMon

   
Networking Software   FPort


Netstat, TCPView, and TDIMon give you useful information about the ports that are used by applications running on your computer. FPort performs similar tasks from a slightly different angle. If shows you all the ports that are currently open on your computer and lists the programs that have opened each of these ports. You can use this tool to get a good idea of why certain ports are open, and whether you should use your firewall to close them. FPort is a free utility.

  Foundstone
  Foundstone - Free Tools

   
Networking Software   Snort


Despite its funny name, Snort is a capable intrusion detection system that works well on smaller networks. Snort performs real-time network traffic logging and analysis. For example, you can configure Snort to capture all packets on a network segment and scan them for the tell-take signs of intrusion attempts. Although Snort is very capable, you should be prepared to spend some time learning how to use it. Also, if you want to customize Snort to look for newly discovered attacks, you may have to spend additional time configuring and customizing it. Snort is available for Windows and several UNIX platforms.

  Snort - The Open Source Network Intrusion Detection System

   
Networking Software   Network Monitor


If you are using Windows NT Server or Windows 2000 Server, you have access to a powerful network protocol analyzer. Network Monitor is similar to Snort in it ability to capture network packets. You can then look at teh packets, including all characters included in the network packet, to troubleshooting connection information. You can also see exactly which packets were sent across the network. Network Monitor breaks up the packets into its components and gives you detailed information on packet headers and other components of teh network traffic.

The version of Network Monitor that is included with Windows NT and Windows 2000 captures only network traffic that was sent or received by the computer that it runs on. To use the full-featured version that captures all network traffic, you have to buy Microsoft Systems Management Server. Still, even the scaled-down version is a powerful adn useful tool. It is not installed by default, so you have to add this optional component to your installation of Windows NT Server or Windows 2000 Server.

   
Networking Software   NetCat


Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. Netcat is now part of the Red Hat Power Tools collection and comes standard on SuSE Linux, Debian Linux, NetBSD and OpenBSD distributions.

Like many powerful tools available to network administrators, NetCat also has a number of uses for hackers, so it makes sense for administrators to familiarize themselves with all its features. Knowing and understanding what tools the hackers use is crucial to securing your network.

NetCat is now available for both UNIX and Windows. The current version for UNIX was released in 1996 by hobbit. The Windows version was released by Chris Wysopal in 1998. Both hobbit and Chris are part of @stake, Inc.

  @stake, Inc.
  @stake Research Tools - Network Utility Tools



Last modified on: Saturday, 18-Sep-2010 17:28:46 EDT
Page Count: 1470