My TechnoBlogs

For those who can create wonders with Technology……

Posts Tagged ‘Nmap’

Commonly used Network security tools

Posted by Ravi shankar on February 24, 2009

Nmap:

Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Domain Information Groper (DIG) Utility

Dig stands for domain information groper and is included with most standard Linux distributions. Dig can be used to query a DNS server for various records such as IP address lookup for an Domain name, finding email and name servers for a domian, reverse DNS lookups, DNS zone transfers etc. Dig is definitely the swiss knife for a DNS hacker.

Netcat:

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

Airdecap-ng – Wireless Lan (In) Security:

Airdecap-ng is a tool for decrypting WEP / WPA / WPA2 capture files. WEP/ WPA/ WPA2 are the different encryption algorithms provided by IEEE 802.11 suite of protocols.

From these encryption algorithms, WEP used RC4 stream cipher provided by RSA security. The small IV (Initialization Vector) lengths, weak IVs, direct use of master key in encryption are some of the main problems with WEP. WPA comes with two flavors, RADIUS and PSK. PSK is vulnerable to dictionary attacks.

Airdecap-ng is very handy tool for verifying the WEP key or WPA pass-phrase which is acquired using one of the WEP or WPA cracking tools. (like aircrack-ng, airsnort etc).  It can be also used to strip the wireless header from the wi-fi captured files.

Ngrep

Ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

Wireshark

Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types.

Nbtscan

NBTscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address.

Advertisements

Posted in Network Security | Tagged: , , , , , , | Leave a Comment »