Top Network Administrator Tools
Scanning Tools
Nmap
http://www.nmap.org
Nmap is a port scanner. A port scanner scans for open ports, such as 80 (HTTP) or 25 (SMTP).
Port Scanners
Every computer program and utility that is designed to interact with a network is also assigned a specific port number. A port number can range from 1 to whatever the designer assigns. Your browser uses port 80 because this is the number assigned to HTTP. FTP uses 21, mail (SMTP) uses 25, and POP3 uses 110. Because ports are the entry points into any network-ready device, they sometimes have to be blocked off to prevent intrusion. This is where a port scanner comes into play. It can be aimed at a single IP address or an entire network to see which ports are open and available. Because of this, many network administrators limit the number of ports in use. There are several methods of closing off port access: blocking them on your workstation or server, using a security access-list on a router or firewall, or using port translation. (Port translation is where all incoming requests for, say, port 80 are translated to port 2080.) A network administrator uses a port scanner to test his or her own network, just as a hacker would. Follow this link to a series of free scanning tools.
Sam Spade
www.samspade.org/
Sam Spade is a multi-purpose network query tool with many extra built-in utilities, even one for tracking down spam. It includes utilities such as ping, whois, traceroute, and finger.
NetScanTools Pro ($199)
http://www.netscantools.com/nstmain.html
NetScanTools Pro is an investigation tool that gathers information about Internet or local LAN users, IP addresses, ports, and many other network specifics. NetScanTools Pro has a Port Scanner, Ping, Traceroute, OS Fingerprinting, NetScanner and a custom ICMP packet generator. This tool tests systems and firewalls for vulnerabilities and exposed ports. It can also use NetBIOS information to look for open (writeable) Windows shares on the local area network.
SuperScan
http://www.foundstone.com/
SuperScan is a powerful connect-based TCP port scanner, pinger and hostname resolver. Multithreaded and asynchronous techniques make this program extremely fast and versatile. The Foundstone Group has a multitude of free tools and is a division of McAfee.
NetCat
http://netcat.sourceforge.net/
NetCat is a full-featured networking utility that reads and writes data across network connections using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. This tool can also be used as a port listener.
Sniffers / Network Protocol Analyzers
Sniffers and network protocol analyzers capture packets so you can examine them. You can see what resource or port is being used, and where the requesting packets are originating. If a program is mailing spam from a computer, you will see the destination address and port 25 being used. Whatever program is sending packets into or out of your system, a sniffer will capture its traffic and display it in a report.
Ethereal
http://www.ethereal.com/
Ethereal is a powerful multi-platform network analysis tool that can be used on Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. A text-based version called tethereal is included. This is the preferred tool of hackers and network admins alike.
EtterCap
http://ettercap.sourceforge.net/
Ettercap is a network sniffer/interceptor/logger for Ethernet LANs. It supports active and passive dissection of many protocols. Data injection into an established connection and filtering on the fly are also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
Snort
http://www.snort.org/
A free intrusion detection system (IDS) for the masses. Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Many people also suggest that the Analysis Console for Intrusion Databases (ACID) be used with Snort.
WinDump / TCPDump
http://www.tcpdump.org/wpcap.html
WinDump is the Windows port of TCPDump, the most widely used network sniffer/analyzer for UNIX. WinDump is fully compatible with TCPDump and can be used to watch and diagnose network traffic according to various complex rules. It can run under Windows 95/98/ME and under Windows NT/2000/XP.
DSniff
http://naughty.monkey.org/~dugsong/dsniff/
DSniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
Process Enumeration
Viruses, trojans, rootkits, and other host infections that have been executed can show up as processes inside the task manager, but not always. You cannot rely on the task manager to display all processes; this is why it is necessary to have a program that will detail all running processes. Here are a few programs that I like to use to flush out a hiding pest.
Fport
http://www.foundstone.com/
Fport is a great tool that I use often. It reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications. Foundstone offers over 30 free networking tools to download from their website.
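The same port-to-process map that Fport produces can be built on a modern Windows host with built-in cmdlets; this is an added example, not Fport's or Foundstone's code, and it assumes Windows 8 / Server 2012 or later (NetTCPIP module) and an elevated prompt so that every process path is readable. The trusted-root list is an assumption you would tune for your own hosts.

```powershell
# Added example: reproduce Fport's output (proto, port, PID, process, path) and
# flag listeners whose binary lives outside the usual Windows locations.
# Assumes Windows 8 / Server 2012+ and an elevated prompt (for process paths).

function Get-ListeningPortMap {
    $tcp = Get-NetTCPConnection -State Listen |
        Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint |
        Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess

    foreach ($ep in @($tcp) + @($udp)) {
        # PID 0 has no process object; System (PID 4) has no readable path.
        $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Proto   = $ep.Proto
            Address = $ep.LocalAddress
            Port    = $ep.LocalPort
            PID     = $ep.OwningProcess
            Process = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            Path    = if ($proc -and $proc.Path) { $proc.Path } else { '<n/a>' }
        }
    }
}

# Assumed allow-list of roots; a listener anywhere else deserves a closer look.
$trustedRoots = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\") |
    Where-Object { $_.Length -gt 1 }

$map = Get-ListeningPortMap | Sort-Object Proto, Port
$map | Format-Table -AutoSize

$suspect = $map | Where-Object {
    $p = $_.Path
    $p -ne '<n/a>' -and
    -not ($trustedRoots | Where-Object { $p.StartsWith($_, 'OrdinalIgnoreCase') })
}
if ($suspect) {
    Write-Host "`nListening processes outside trusted locations:" -ForegroundColor Yellow
    $suspect | Format-Table -AutoSize
}
```

Entries showing '<n/a>' for the path usually mean the prompt was not elevated or the owner is a kernel process; re-run elevated before treating them as unknown.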
PsTools
http://www.sysinternals.com/
PsTools is a suite of fantastic and dangerous (in the wrong hands) command line utilities made by Mark Russinovich for Windows. In the right hands (computer professionals), PsTools can automate a computer's shutdown, list a computer's running processes, or kill a process. PsTools is a favorite of network pros and hackers alike. In this book I demonstrate the use of these tools on page:
The tools included in the PsTools suite, which are downloadable individually or as a package, are:
· PsExec - execute processes remotely
· PsFile - shows files opened remotely
· PsGetSid - display the SID of a computer or a user
· PsKill - kill processes by name or process ID
· PsInfo - list information about a system
· PsList - list detailed information about processes
· PsLoggedOn - see who's logged on locally and via resource sharing (full source is included)
· PsLogList - dump event log records
· PsPasswd - changes account passwords
· PsService - view and control services
· PsShutdown - shuts down and optionally reboots a computer
· PsSuspend - suspends processes
· PsUptime - shows you how long a system has been running since its last reboot (PsUptime's functionality has been incorporated into PsInfo)
Tlist
Microsoft Resource Kit
Tlist is a task list viewer that can be found in the Microsoft Resource Kit. This tool displays a list of IDs, names, and windows of processes running on the local computer. Tlist is the main tool in my arsenal of anti-hacker tools. It allows me to view not only the processes running on the system, but where the program is located on the server. Once you can isolate the alien program running on your system, you can use kill.exe, another Resource Kit tool, to stop it so you can delete it from your system, or Pskill.exe to remove it.
Tasklist
Windows XP
Tasklist displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer.
Syntax
tasklist[.exe] [/s computer] [/u domain\user [/p password]] [/fo {TABLE|LIST|CSV}] [/nh] [/fi FilterName [/fi FilterName2 [ ... ]]] [/m [ModuleName] | /svc | /v]
Process Killer
Programs, alien or not, run as processes. Sometimes Windows will not allow you to delete a file while it is running as a process until you stop it first. Here are a few programs that you can use to kill a process.
PsKill.exe
From the PsTools suite of utilities.
Kill.exe
This tool can be found in the Windows Resource Kit.
TaskKill
Windows XP
TaskKill is an XP utility that allows you to end one or more tasks or processes. Processes can be killed by process ID or image name.
Syntax
taskkill [/s Computer] [/u Domain\User [/p Password]] [/fi FilterName] [/pid ProcessID | /im ImageName] [/f] [/t]
Wireless
Network Stumbler
http://www.stumbler.net/
Network Stumbler is a free Windows 802.11 (wireless) sniffer. This tool finds open wireless access points, an activity most often referred to as wardriving. They also distribute a WinCE version for PDAs known as Ministumbler. This tool is free but Windows-only, and no source code is provided by its maker.
AirSnort
http://airsnort.shmoo.com/
AirSnort is an 802.11 WEP encryption cracking tool for local area networks. AirSnort operates by passively monitoring transmissions, computing the encryption key once enough packets have been gathered. AirSnort is a Linux-based program that can be installed on a Windows computer, though doing so is a little tricky.