Thread: Tool for silent portscanning and pcap file analysis

  1. #1
    Just burned his ISO

    Tool for silent portscanning and pcap file analysis

    UPDATE - Python version now available at http://netgrab.co.uk/netsleuth-console/

    Hi,

    I knocked up a quick tool that I have been using for "portscanning without sending packets" (as per the talks at last year's DefCon). It's a free download under the GPL and you can get it here.

    I have been using it to ID (often Operating System and type) and fingerprint machines of interest during a pentest where I need to be careful not to trigger IDS. The tool can also read .pcap files which I've been using for incident response in analysing data.

    It can also read the .pcapdump files outputted from Kismet and has been very useful to me for Wireless pentesting (network broadcast traffic is by far the most common traffic you will be able to see by using Kismet).

    I normally have Windows and BT side by side in a pentest. Currently the tool needs Windows, but I am doing a few fixes to make it run natively on Backtrack. The code or installer is available at http://www.netgrab.co.uk/.

    Let me know what you think and happy to put your suggestions into the tool.

    Thanks!
    Last edited by nfatchris; 08-10-2012 at 10:08 AM.

  2. #2
    Senior Member ShadowMaster

    Re: Tool for silent portscanning and pcap file analysis

    I await the native backtrack version. I'm hoping that nmap adds this option in, but your tool is great as well. When do you think the native BT version will be out? Do you have formatting options for the output?
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  3. #3
    Good friend of the forums scottm99

    Re: Tool for silent portscanning and pcap file analysis

    Thanks, nfatchris. I too await the BT version!
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  4. #4
    Just burned his ISO

    Re: Tool for silent portscanning and pcap file analysis

    Originally posted by scottm99:
    "Thanks, nfatchris I too, await the BT version!"

    Many thanks. Sorry for the late reply, I thought I had done - but it must have got chewed up in the system.

    I'm about to do a modification to the application to allow it to run as a command line application. That will make it easily compatible with Backtrack after an 'apt-get install mono'. Longer term, I'll look at a Python script but I do expect performance to suffer slightly on larger pcap files.

    What export formats would you like? Let me know and I'll code it in.

  5. #5
    Senior Member ShadowMaster

    Re: Tool for silent portscanning and pcap file analysis

    Running from the command line is perfect. Better for most (i.e. me) people. As for output options, why not use the nmap output options? Those are extensive and well-liked?
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  6. #6
    Good friend of the forums scottm99

    Re: Tool for silent portscanning and pcap file analysis

    I'm with ShadowMaster... the output options from nmap would be perfect. Might I suggest using the same switches as nmap? -oG for greppable output, -oX for XML, etc.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  7. #7
    My life is this forum thorin

    Re: Tool for silent portscanning and pcap file analysis

    Ok I haven't had a chance to play with it but just reading this thread I immediately think: what's the difference between this and p0f?

    http://lcamtuf.coredump.cx/p0f3/
    http://en.wikipedia.org/wiki/P0f
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #8
    Senior Member ShadowMaster

    Re: Tool for silent portscanning and pcap file analysis

    The output is more port oriented as opposed to whatever that one is. Think nmap as a ninja.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  9. #9
    Just burned his ISO

    Re: Tool for silent portscanning and pcap file analysis

    Hi All,

    I've been away a lot recently, but I'm about 2/3 of the way to porting the functionality to a Python script. This should make it easier for Backtrack users.

    The NMAP output makes a lot of sense, I'll implement that in addition to a standard CSV to console style output.

    I'll post a beta version up here in the next few days.

  10. #10
    Just burned his ISO

    Re: Tool for silent portscanning and pcap file analysis

    Hi,

    So I've listened to some of the requests and created a command line version of this tool - you can get it here.

    It's written in Python and you won't need to do anything other than download and unzip to run it on Backtrack 5 R2. It pipes CSV output to the command line, but will also (on program exit) create an XML file in the NMAP format. This can be imported into Metasploit for pen testing.

    It's very early alpha, so please contact me with any bugs or new ideas while I develop it further.

    Thanks
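
Added illustration (not the tool's code and not written by any poster in this thread) of the general idea discussed above: deriving a list of listening TCP services from an existing capture, without sending packets, by recording the source of every SYN/ACK and emitting CSV. The function names, addresses and the inline capture are constructed for this example; only classic pcap files with Ethernet/IPv4 framing are handled.

```python
import socket, struct

def make_frame(src, sport, dst, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(frames):
    """Classic little-endian pcap container, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def listening_services(pcap):
    """Return sorted (ip, port) pairs observed sending SYN+ACK."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    found, off = set(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[14] >> 4 != 4:
            continue                                  # not IPv4
        ihl = (pkt[14] & 0x0F) * 4
        frag = struct.unpack("!H", pkt[20:22])[0] & 0x1FFF
        if ihl < 20 or pkt[23] != 6 or frag or len(pkt) < 14 + ihl + 14:
            continue                                  # not a first-fragment TCP segment
        tcp = pkt[14 + ihl:]
        if tcp[13] & 0x12 == 0x12:                    # SYN and ACK both set
            found.add((socket.inet_ntoa(pkt[26:30]), struct.unpack("!H", tcp[:2])[0]))
    return sorted(found)

def to_csv(services):
    rows = ["ip,port,proto,state"] + [f"{ip},{p},tcp,open" for ip, p in services]
    return "\n".join(rows) + "\n"

# Constructed sample capture: one client talking to three hosts.
SAMPLE = make_pcap([
    make_frame("10.0.0.5", 40000, "10.0.0.10", 22, 0x02),   # SYN
    make_frame("10.0.0.10", 22, "10.0.0.5", 40000, 0x12),   # SYN/ACK -> open
    make_frame("10.0.0.20", 80, "10.0.0.5", 40001, 0x14),   # RST/ACK -> closed
    make_frame("10.0.0.30", 443, "10.0.0.5", 40002, 0x12),  # SYN/ACK -> open
])
print(to_csv(listening_services(SAMPLE)), end="")
```

A SYN/ACK only proves the service answered at capture time, so results from an old capture should be treated as historical rather than current state.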
