Monday, September 02, 2013

Network News & Goodies - Labor Day Edition

Linkfest post on Labor Day. Lots of network goodies here for the GSD fans!

Presented in no particular order…just how they came off the bench tonight.

Viewpoints: OSI Model and APSTNDP - Microsoft’s MessageAnalyzer blog

Wireshark Tutorial Series #2. Tips and tricks used by insiders and veterans - Sniff free or die Wireshark blog

Tools - The Wireshark Wiki - great Super-List of tools and supporting material for Wireshark.

I recently posted quite a gushing rant on TraceWrangler. It is a free (still-Alpha release) no-install tool to help with sanitizing and anonymizing packet trace files. Pretty wicked cool. Jasper Bongertz posted an intro here and touched on some of the issues current tools of this kind have.

I mention it because the Wireshark Wiki Tools page does contain a list of capture file anonymization tools and (sadly) TraceWrangler isn’t on it yet. Somebody with a connection needs to send the Wiki editors some memos…just saying.

TraceWrangler (change log) - now at version Alpha 0.1.3 build 308.

Microsoft Security Advisory (2861855): Updates to Improve Remote Desktop Protocol Network-level Authentication - Microsoft Security TechCenter

Sequence Match View: Identifying Interesting Network Patterns - Microsoft’s MessageAnalyzer blog

How Secure Is Your Smartphone - Check the Packets (by Tony Fortunato) - LoveMyTool blog

The Do's and Do NOT's of using SPAN Ports (by Darragh Delaney) - LoveMyTool blog

NetFort SPAN Port Configurator - freeware - GUI Utility to set Span Ports on Cisco switches…because as you know, using the free Cisco Network Assistant to do so is such a pain.

ZMAP 1.02 released - SANS ISC Diary

ZMap · The Internet Scanner. From the home page:

“ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet.

“While ZMap is a powerful tool for researchers, please keep in mind that by running ZMap, you are potentially scanning the ENTIRE IPv4 address space and some users may not appreciate your scanning. We encourage ZMap users to respect requests to stop scanning and to exclude these networks from ongoing scanning.”

“We suggest that users coordinate with local network administrators before performing any scans and we have developed a set of scanning best practices, which we encourage researchers to consider. It should go without saying that researchers should refrain from exploiting vulnerabilities or accessing protected resources, and should comply with any special legal requirements in their jurisdictions.”

While you may not break the Internet as handily as Jen does, you might do bad things to your own. Be sure you are well familiar with the tool before experimenting!

Nmap 6.40 Released - SANS ISC Diary

Nmap Change Log

Download the Free Nmap Security Scanner for Linux/MAC/UNIX or Windows

SoftPerfect WiFi Guard - updated to version 1.0.3 (Change log)

NetworkTrafficView - NirSoft - updated to version 1.76:

  • Added 'Maximum Packet Size' column. For TCP connections that transfer a significant amount of data, the value under this column represents the actual MTU.

Wireless Network Watcher - NirSoft - updated to version 1.67

  • Updated the internal MAC addresses database.

KiTTY - update to current version release of

60 Seconds on the Wire: A Look at Malicious Traffic (direct PDF Link) - SANS Reading Room whitepaper by Kiel Wadner - August 22, 2013.

Custom Full Packet Capture System - (direct PDF Link) - SANS Reading Room whitepaper by Derek Banks - April 16, 2013.

Updated from another recent GSD post because they seemed apropos here as well:

Psst. Your Browser Knows All Your Secrets. - SANS ISC Diary guest post by Sally Vandeven on pulling the crypto keys in a browser.

Cookie Cadger to Identify Cookie Leakage from Applications over An Insecure HTTP Request - Next of Windows

Cookie Cadger - project homepage. From the link:

“Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.

“Web providers have started stepping up to the plate since Firesheep was released in 2010. Today, most major websites can provide SSL/TLS during all transactions, preventing cookie data from leaking over wired Ethernet or insecure Wi-Fi. But the fact remains that Firesheep was more of a toy than a tool. Cookie Cadger is the first open-source pen-testing tool ever made for intercepting and replaying specific insecure HTTP GET requests into a browser.

“Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open-source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis.”

--Claus Valca