Sam Spade
Sam Spade is a comprehensive network investigation tool named after the private eye
played by Humphrey Bogart in the movie The Maltese Falcon. It comes as both
an online version and a downloadable version that can be installed on a personal
workstation. The Sam Spade tool acts as a sleuth that finds as much public information
as possible about an IP address or DNS name. Suppose that your firewall logs show that
someone tried to scan your network for open ports and the log lists the potential
intruder's IP address. This is where Sam Spade comes in handy.
Sam Spade provides the functionality to find more information about the IP address
such as:
- Who the IP address is registered to
- The route between your computer and the computer at the remote IP address
- The registration records for this IP address, which identify the Internet
Service Provider (ISP) who owns the IP address
- Contact information for the ISP
As you use Sam Spade, keep in mind that the above is only a small portion of what the
tool can provide in tracking down information. The software is not very intuitive
and may take a while to get used to.
SamSpade.org
SamSpade.org Download Sites
SamSpade.org Tools

SuperScan
By far, SuperScan is one of the easiest port scanners to use, and best of all, it's free.
Hackers use port scanners to probe systems for TCP ports on which there is a reply. After
an open TCP port has been successfully located, the hacker can try to break into the
computer using this port. Just as a hacker would use tools of this nature, SuperScan
can be used by network administrators to secure their network. Network administrators
often use port scanners to check for open ports that may signal vulnerabilities.
A very common use of port scanners, like SuperScan, is to test your firewall by running
the port scanner against it. Ensure that your firewall is only replying on ports
that you have set up for authorized connections from the Internet into your network.
SuperScan can be configured to check any range of ports, and you can even tell it to
scan an entire range of IP addresses, making it possible to check your entire network
at once.
Note: Ensure that you only run a port scanner
against computers where the owner has given you permission to do so. Running tools
like this against computers may result in you getting reported to your ISP who may
cancel your account. It is also a good idea to contact your ISP and let them know
you will be running port scanning software and that you have already received permission
from the owner. ISPs often monitor their systems to track accounts that are running
port scanning software.
Foundstone
Foundstone - Free Tools

FScan
Just like SuperScan, FScan is another port scanner and was written by Foundstone. It is
a command-line utility and is not as user-friendly as SuperScan but does provide several
other nice advantages. One nice feature is the ability to redirect the results of a scan
to a text file for further processing. Another, and probably the most significant,
is that it can perform scans for open UDP ports in addition to TCP ports. Keep in mind
though that UDP port scans are not very reliable. A properly secured network, for example,
shows no difference between open and closed UDP ports, but if a computer is not
configured to be secure, you may be able to find open UDP ports, and in some cases you
can use a UDP port scan to find vulnerabilities.
Note: Ensure that you only run a port scanner
against computers where the owner has given you permission to do so. Running tools
like this against computers may result in you getting reported to your ISP who may
cancel your account. It is also a good idea to contact your ISP and let them know
you will be running port scanning software and that you have already received permission
from the owner. ISPs often monitor their systems to track accounts that are running
port scanning software.
Foundstone
Foundstone - Free Tools

Netstat
Netstat is a TCP/IP utility that is included with almost all versions of Windows and UNIX.
It is the quickest way to discover what TCP and UDP ports are in use on a given computer.
Since netstat is included with most modern operating systems,
there is no need to download anything to start using this utility. Network
administrators can use netstat to generate a list of ports in use, then check
to see whether all of them should indeed be in use. The output from netstat
can also be used to determine whether certain programs that might present a
vulnerability are in use. In addition, you can use netstat to list all current
connections that your computer has established to other computers, as well as what
incoming connections exist. You get results about both open connections and listening
ports by using the -a option, as in netstat -a. Because
netstat is most likely included with your operating system, you can use
it directly from a command line.
Note: If you find that the netstat command
takes too long to complete, this is because it tries to resolve all IP addresses
to DNS names. To speed up the operation, use the -n option, as in
netstat -n, which instructs netstat to skip the
time-consuming name lookups and just show IP addresses.
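As an added illustration (not part of the original page or of any tool it describes), the Python script below carries out the check described above: it parses netstat -an output and reports listening ports that are not on an allowlist. The sample output, the ALLOWED set and the function names are constructed assumptions.

```python
# Constructed sample of Windows-style `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1043      203.0.113.7:80         ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
  UDP    127.0.0.1:1900         *:*
"""

# Hypothetical policy: the (protocol, port) pairs this host is meant to expose.
ALLOWED = {("tcp", 80), ("tcp", 135)}

def listening_sockets(netstat_text):
    """Yield (proto, address, port) for TCP listeners and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].lower().startswith(("tcp", "udp")):
            continue  # headers and blank lines
        proto = fields[0].lower()[:3]  # tcp6/udp6 fold into tcp/udp
        # Linux netstat prints Recv-Q and Send-Q before the local address.
        shifted = fields[1].isdigit() and len(fields) >= 4
        local = fields[3] if shifted else fields[1]
        if proto == "tcp" and not fields[-1].upper().startswith("LISTEN"):
            continue  # established or closing connections are not listeners
        addr, _, port = local.rpartition(":")
        if port.isdigit():
            yield proto, addr, int(port)

def unexpected_listeners(netstat_text, allowed, include_loopback=False):
    """Return sorted listeners whose (proto, port) is not on the allowlist."""
    hits = set()
    for proto, addr, port in listening_sockets(netstat_text):
        host = addr.strip("[]")
        loopback = host == "::1" or host.startswith("127.")
        if (proto, port) not in allowed and (include_loopback or not loopback):
            hits.add((proto, addr, port))
    return sorted(hits)

if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE, ALLOWED):
        print(f"review: {proto.upper()} {addr}:{port} is open but not on the allowlist")
```

Sockets bound only to a loopback address are skipped by default because they are not reachable from the network; pass include_loopback=True to list them as well.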
Foundstone
Foundstone - Free Tools

TCPView
TCPView is a program that gives you similar information to the netstat
command. Unlike netstat, it presents this information in a much more usable
format and is often more accurate.
TCPView
TCPView Professional

TDIMon
TDIMon gives you detailed information on programs on your computer that are
accessing the network using TCP/IP. TDIMon can show you in real time what programs
are using the network and what port each program has opened. This can be very
helpful when you need to have exact information about how a given program is
accessing the network.
TDIMon

FPort
Netstat, TCPView, and TDIMon give you useful information about the ports that are used
by applications running on your computer. FPort performs similar tasks from a slightly
different angle. It shows you all the ports that are currently open on your computer
and lists the programs that have opened each of these ports. You can use this tool
to get a good idea of why certain ports are open, and whether you should use your
firewall to close them. FPort is a free utility.
Foundstone
Foundstone - Free Tools

Snort
Despite its funny name, Snort is a capable intrusion detection system that works well
on smaller networks. Snort performs real-time network traffic logging and analysis. For example,
you can configure Snort to capture all packets on a network segment and scan them for the
telltale signs of intrusion attempts. Although Snort is very capable, you should be prepared
to spend some time learning how to use it. Also, if you want to customize Snort to look
for newly discovered attacks, you may have to spend additional time configuring and
customizing it. Snort is available for Windows and several UNIX platforms.
Snort - The Open Source Network Intrusion Detection System

Network Monitor
If you are using Windows NT Server or Windows 2000 Server, you have access to
a powerful network protocol analyzer. Network Monitor is similar to Snort in its
ability to capture network packets. You can then look at the packets, including
all characters included in the network packet, to troubleshoot connection
issues. You can also see exactly which packets were sent across the network.
Network Monitor breaks each packet into its components and gives you detailed
information on packet headers and other components of the network traffic.
The version of Network Monitor that is included with Windows NT and Windows 2000
captures only network traffic that was sent or received by the computer that it
runs on. To use the full-featured version that captures all network traffic,
you have to buy Microsoft Systems Management Server. Still, even the scaled-down
version is a powerful and useful tool. It is not installed by default, so you have
to add this optional component to your installation of Windows NT Server or
Windows 2000 Server.

NetCat
Netcat has been dubbed the network Swiss Army knife. It is a simple Unix utility which reads
and writes data across network connections, using the TCP or UDP protocol. It is designed to be
a reliable "back-end" tool that can be used directly or easily driven by other programs
and scripts. At the same time, it is a feature-rich network debugging and exploration tool,
since it can create almost any kind of connection you would need and has several interesting
built-in capabilities. Netcat is now part of the Red Hat Power Tools collection and comes
standard on SuSE Linux, Debian Linux, NetBSD and OpenBSD distributions.
Like many powerful tools available to network administrators, NetCat also has a number
of uses for hackers, so it makes sense for administrators to familiarize themselves
with all its features. Knowing and understanding what tools the hackers
use is crucial to securing your network.
NetCat is now available for both UNIX and Windows. The current version for UNIX was
released in 1996 by hobbit. The Windows version was released by Chris Wysopal
in 1998. Both hobbit and Chris are part of @stake, Inc.
@stake, Inc.
@stake Research Tools - Network Utility Tools