Thread: Presenting "inp"

  1. #1
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Presenting "inp"

    I'm working on a program called "inp", short for "Internet Prober". Its purpose is to accelerate the process of finding out how, on a particular LAN, you can get access to the internet.

    As I currently have in mind, the program will do the following:

    1) Passively listen to packets bouncing back and forth, keeping a record of what IP addresses are associated with what MAC address (in particular it will observe where public IP packets are originating from and where they're being sent to).
    2) Send out ARP requests to the network to get a greater list of MAC addresses.
    3) Send public IP packets to each MAC address (if any machine acts as a router to the internet this will provoke a response from the internet, and of course that will be caught by the sniffer).
    4) Send DNS and HTTPProxy packets to each machine to see if these services are running (which are strong indicators of an internet connection).
    5) Watch out for packets that carry the HTTPProxy protocol, see where they're going to and where they're coming from (because they could be going to a different LAN if it's a complicated network).

    The data will be displayed on-screen something like as follows:

    Code:
                        ---------------------------------------------------
                        |    PRIVATE    |     PUBLIC    |      DAEMONS    |
    --------------------------------------------------------------------------------------------
           MAC          |  Src  /  Dst  |  Src  /  Dst  |  DNS  |  Proxy  |  IP's
    --------------------------------------------------------------------------------------------
     00:30:4f:aa:bb:cc  |    1  /    1  |    2  /    3  |   -   |         || 192.168.1.1
                                                                             208.67.222.222
                                                                             70.42.251.42
                                                                             208.68.234.113
    ---------------------------------------------------------------------------------------------
     01:00:5e:aa:bb:cc  |    0  /    0  |    0  /    1  |   -   |         || 239.255.255.250
    ---------------------------------------------------------------------------------------------
     00:c0:ca:aa:bb:cc  |    1  /    1  |    0  /    0  |   -   |         || 192.168.1.123
    ---------------------------------------------------------------------------------------------
    I'd like to upload a simplified version of the program that just sniffs, to see what people think of the interface and to get feedback. Basically what you'd do is run the program, then play around pinging different machines on your network, or open up your web browser and load different pages from the internet, then go back to my program and see what info it has.

    Anyone know where I can upload the code for this? I don't have any webspace. Maybe Sourceforge or somewhere like that would oblige me? Anyone got connections? All I need is a couple of kilobytes.

  2. #2
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863


    REVISION: Deathray is now kindly hosting Inp so I've changed the link below.

    I've uploaded a tar file to here:

    http://www.bfx.dk/virchanza/

    Just untar it into a folder and hit "cat README".

    Once you've got inp running, do stuff like the following to create traffic:
    1) Ping other machines on your network
    2) Run netdiscover
    3) Do nslookups
    4) Open Firefox and do some browsing
    5) Whatever else tickles your fancy

    The program isn't much use as it is right now, but I'd like for people to offer their suggestions on the interface and so forth. Once I know what the interface is gonna be, I can add functionality to the program.

    All comments, questions, suggestions, feature requests, etc. are welcomed.

  3. #3
    Senior Member
    Join Date
    Jan 2006
    Posts
    1,334


    Interesting project.
    Thanks for sharing on the boards.

    Good luck

  4. #4
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543


    Going to check it out me self...
    dd if=/dev/swc666 of=/dev/wyze

  5. #5
    Member
    Join Date
    Mar 2010
    Posts
    123


    wow - awesome stuff - this could save some legwork - checking it out now

    Thanks for sharing your work

  6. #6
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318


    Interesting and good idea. Thanks for sharing.
    I'll try it out.
    Don't eat yellow snow :rolleyes:

  7. #7
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863


    Anyone got any comments on the interface? At the moment I'm making the following additions:

    1) Public IP addresses appear in red, private IP's appear in cyan.
    2) IP addresses are sorted, firstly by privateness, then by actual number.
    3) You can put a maximum on how many IP's will be listed for each MAC.
    4) MAC addresses will be listed even if there was never an IP address to associate with them (this would be the case for instance if one machine sent a non-IP Ethernet frame to another machine).

  8. #8
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381


    inp is from now on hosted here (:

    http://www.bfx.dk/virchanza/
    - Poul Wittig

  9. #9
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863


    Great stuff, thanks a lot. Just to give an update, I've been working on the program and I'll be releasing Version 1 in the next couple of days. The changes so far are as follows:

    1) Colourful display, makes it a hell of a lot easier to understand the info being displayed to the screen.
    2) Loads of command line options, for instance you can choose to ignore MAC addresses that have no known IP, and also you can limit the amount of IP's that show on the screen for a given MAC (because on some networks you might get bazillions of IP's that will fill the screen).
    3) You can change which networks are considered "private" and which are considered "public". (For instance if you're pentesting on a LAN that has public IP addresses, you probably want to add that network to the list of "private" networks).
    4) No longer passive, it tries to send TCP SYN packets to port 80 of your favourite website (right now I've got the IP address for Google hard-coded into it, but you can supply any IP at the commandline).

    From the outset I planned on the program being cross-platform so that it would run on pretty much any machine that has a network interface and a screen, but for now I'm focusing on Linux. (If you take a quick peek at the source code though you'll see how I've already written the code for Windows, but unfortunately it doesn't perform well on Windows because the Winpcap library takes about a billion years to receive a frame).

    If anyone out there has experience with different platforms, and would like Inp to work on a particular platform, just give me a shout, I'd be delighted to make it work on more and more machines. If anyone's got experience working with game consoles I'd be particularly interested!
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
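
The passive per-MAC tally described in posts #1, #7 and #9, as an added example that is not part of the thread and not inp's own code. It assumes the Src/Dst columns count distinct IP addresses seen behind each MAC (a reading of the sample table); `build_table`, `frame` and the sample frames are hypothetical and constructed here, reusing the addresses from the table in post #1.

```python
import ipaddress
import struct
# RFC 1918 ranges as the default "private" list; post #9 makes this configurable.
PRIVATE_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def build_table(frames, private_nets=PRIVATE_NETS, max_ips=None):
    """Map each MAC to distinct private/public (src, dst) IP counts and its IP list."""
    nets = [ipaddress.ip_network(n) for n in private_nets]
    seen = {}  # mac -> {(is_private, "src"|"dst"): set of IPv4Address}
    for f in frames:
        if len(f) < 14:
            continue  # truncated Ethernet header
        dst, src = f[0:6].hex(":"), f[6:12].hex(":")
        seen.setdefault(dst, {})  # a MAC is listed even if no IP is ever tied to it
        seen.setdefault(src, {})
        if f[12:14] != b"\x08\x00" or len(f) < 34 or f[14] >> 4 != 4:
            continue  # not IPv4, or the IPv4 header is cut short
        for mac, role, raw in ((src, "src", f[26:30]), (dst, "dst", f[30:34])):
            ip = ipaddress.IPv4Address(raw)
            private = any(ip in n for n in nets)
            seen[mac].setdefault((private, role), set()).add(ip)
    table = {}
    for mac, groups in seen.items():
        count = lambda p: tuple(len(groups.get((p, r), ())) for r in ("src", "dst"))
        # Private addresses sort first, then by numeric value (post #7).
        keyed = {(not p, int(ip)): str(ip) for (p, _), ips in groups.items() for ip in ips}
        ordered = [keyed[k] for k in sorted(keyed)]
        table[mac] = {"priv": count(True), "pub": count(False), "ips": ordered[:max_ips]}
    return table

def frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed sample: Ethernet II header plus a bare 20-byte IPv4 header."""
    a, b = (ipaddress.IPv4Address(x).packed for x in (src_ip, dst_ip))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0, a, b)
    return bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00" + ip

GW, HOST, MCAST = "00:30:4f:aa:bb:cc", "00:c0:ca:aa:bb:cc", "01:00:5e:aa:bb:cc"
# Constructed traffic: host talks to the gateway, three replies come back.
SAMPLE = [frame(GW, HOST, "192.168.1.123", d) for d in
          ("192.168.1.1", "208.67.222.222", "70.42.251.42", "208.68.234.113")]
SAMPLE += [frame(HOST, GW, s, "192.168.1.123") for s in
           ("192.168.1.1", "208.67.222.222", "70.42.251.42")]
SAMPLE.append(frame(MCAST, HOST, "192.168.1.123", "239.255.255.250"))
SAMPLE.append(bytes.fromhex("ffffffffffff0011223344550806") + bytes(28))  # ARP, no IPv4

if __name__ == "__main__":
    for mac, row in build_table(SAMPLE).items():
        print(mac, row["priv"], row["pub"], row["ips"])
```

On the sample frames the gateway MAC comes out as 1/1 private and 2/3 public, the same shape as the first row of the table in post #1.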

  10. #10
    Member
    Join Date
    Jan 2008
    Posts
    194


    Check your PM, virchanza.
