Linkfest post on Labor Day. Lots of network goodies here for the GSD fans!
Presented in no particular order…just how they came off the bench tonight.
Viewpoints: OSI Model and APSTNDP - Microsoft’s MessageAnalyzer blog
Wireshark Tutorial Series #2. Tips and tricks used by insiders and veterans - Sniff free or die Wireshark blog
Tools - The Wireshark Wiki - great Super-List of tools and supporting material for Wireshark.
I’ve posted recently quite a gushing rant on TraceWrangler. It is a free (still-Alpha release) no-install tool to help with sanitizing and anonymizing packet trace files. Pretty wicked cool. Jasper Bongertz posted an intro here and touched on some of the issues current tools of this kind have.
I mention it because the Wireshark Wiki Tools page does contain a list of capture file anonymization tools and (sadly) TraceWrangler isn’t on it yet. Somebody with a connection needs to send the Wiki editors some memos…just saying.
TraceWrangler (change log) - now at version Alpha 0.1.3 build 308.
Microsoft Security Advisory (2861855): Updates to Improve Remote Desktop Protocol Network-level Authentication - Microsoft Security TechCenter
Sequence Match View: Identifying Interesting Network Patterns - Microsoft’s MessageAnalyzer blog
How Secure Is Your Smartphone - Check the Packets (by Tony Fortunato) - LoveMyTool blog
The Do's and Do NOT's of using SPAN Ports (by Darragh Delaney) - LoveMyTool blog
ZMAP 1.02 released - SANS ISC Diary
ZMap · The Internet Scanner. From the home page:
“ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet.
“While ZMap is a powerful tool for researchers, please keep in mind that by running ZMap, you are potentially scanning the ENTIRE IPv4 address space and some users may not appreciate your scanning. We encourage ZMap users to respect requests to stop scanning and to exclude these networks from ongoing scanning.”
“We suggest that users coordinate with local network administrators before performing any scans and we have developed a set of scanning best practices, which we encourage researchers to consider. It should go without saying that researchers should refrain from exploiting vulnerabilities or accessing protected resources, and should comply with any special legal requirements in their jurisdictions.”
While you may not break the Internet as handily as Jen does, you might do bad things to your own. Be sure you are well familiar with the tool before experimenting!
Nmap 6.40 Released - SANS ISC Diary
Nmap Change Log - nmap.org
NetworkTrafficView - NirSoft - updated to version 1.76:
- Added 'Maximum Packet Size' column. For TCP connections that transfer a significant amount of data, the value under this column represents the actual MTU.
Wireless Network Watcher - NirSoft - updated to version 1.67:
- Updated the internal MAC addresses database.
KiTTY - updated to the current release, version 0.63.0.2
60 Seconds on the Wire: A Look at Malicious Traffic (direct PDF Link) - SANS Reading Room whitepaper by Kiel Wadner - August 22, 2013.
Custom Full Packet Capture System - (direct PDF Link) - SANS Reading Room whitepaper by Derek Banks - April 16, 2013.
Updated from another recent GSD post because they seemed apropos here as well:
Psst. Your Browser Knows All Your Secrets. - SANS ISC Diary guest post by Sally Vandeven on pulling the crypto keys in a browser.
Cookie Cadger - project homepage. From the link:
“Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.
“Web providers have started stepping up to the plate since Firesheep was released in 2010. Today, most major websites can provide SSL/TLS during all transactions, preventing cookie data from leaking over wired Ethernet or insecure Wi-Fi. But the fact remains that Firesheep was more of a toy than a tool. Cookie Cadger is the first open-source pen-testing tool ever made for intercepting and replaying specific insecure HTTP GET requests into a browser.
“Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open-source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis.”