Saturday, December 03, 2011

Network Tool Notes

Here is a brief collection of network-related tools and utilities that have been gathered in this past week.

Nmap Security Scanner for Linux/MAC/UNIX or Windows - latest stable version now at 5.51 and development version at 5.61. Changelog

PuTTY: a free telnet/ssh client - version 0.61 released a few months ago and 0.62 “pre-release” build also now available with some bug fixes. Spotted via ISC Diary post. 4 years is a long wait for a bump…

How to connect to a Wireless WIFI Network from the Command line in Windows 7 - Scott Hanselman - just because mixing WiFi and CLI is cool.  See also Scott’s Updated for 2011 - McDonald's WiFi Guide with updates for Mac OS X Lion and Windows 7

Wireless Profile Samples - MSDN WiFi XML profile samples and info on the Netsh Commands for Wireless Local Area Network (wlan).

Wireless Network Profile - Backup and Restore - Windows 7 Forums - Tips on backing up and restoring your WiFi profiles on Win7.

Wifi Network Backup Manager Utility - Shai Raiten - Small and easy tool to assist with the above processes if it helps you a bit.

Network Stuff - A ton of specialized network tools bundled up in a single free utility.  Spotted in this BetaNews post: Network Stuff: More Internet tools than you'll likely ever use.  The developer offers a number of other interesting tools as well worth looking into - Dev Stuff

NorthWest Performance Software, Inc. - Network Freeware Tools - This company provides quite a collection of free network tools such as the following:

  • NetScanTools® Basic Edition - DNS Tools, Ping, Graphical Ping, Traceroute, Ping Scanner, Whois
  • IPv6ScopeFinder - Displays ScopeID, status, Interface Type, IPv6 & IPv4 addresses, Interface Name.
  • IPtoMAC - can find the MAC Address of any IPv4 device on the local network.
  • ENUMresolver - “A freeware program designed to query your default DNS for the ENUM NAPTR mapping between a telephone number and a SIP, H323, IAX2 or other URI. Use with VOIP systems to check your e.164 or freenum or other mappings. This program queries each default DNS assigned to your system using the e164.arpa or other root tree for the corresponding NAPTR records and displays them.” That’s pretty cool.

Peter Kostov's software for networkers - amazing freeware collection.

ostinato - Packet/Traffic Generator and Analyzer - Google Project Hosting - from the cross-platform project page “Ostinato is an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates. … Ostinato aims to be "Wireshark in Reverse" and become complementary to Wireshark.”

Fluke Networks Freeware

Fluke Networks has a couple of freeware tools worth looking into. You need to register to download; however, for two of the three of them I was able to find a direct download link with a little bit of extra Google searching. I think you can find them on some download hosting sites as well.

Fluke Networks - IP Inspector - free - Run a scan to find IPv4 and IPv6 devices and open TCP app ports on your network. Also reports hostnames and MACs for discovered devices. Exportable results and IP state changes can be monitored over time.  Found via this LoveMyTool blog post Free New IP Tool - The IP Inspector by Dan Klimke.

Fluke Networks - Switch Port Monitor - free - This tool lets you connect to and monitor network switches to pull and display switch statistics and performance. Aids in switch documentation and troubleshooting efforts.

Fluke Networks - Service Availability Tool - free - Verify service port status for servers, measure response times, run TCP trace routes, save for documentation.

Web-based Network Performance Testing Tools

Could have sworn I had recently made a post of a number of websites that can test network speed and quality. Guess I didn’t.

From the Mandiant Labs

Mandiant Research Tool Release: ApateDNS - Just recently learned about this new Mandiant tool to help with malware analysis from a network angle. From the description:

It is a simple tool that acts as a phony DNS server that can log or manipulate DNS requests being made to it. Malware analysts typically use this to redirect beacon traffic from a guest virtual machine to the host system (or another virtual machine) to monitor beacon and/or communication channels using Netcat or a custom written C2 script. Forensic analysts typically use this tool to quickly extract DNS names from malware samples.

ApateDNS automatically sets up your Windows network configurations by attempting to determine the default route or current DNS settings. This is most useful when in a guest virtual machine since the default route is typically the host machine. As shown in the figure below, ApateDNS has found the default route in my virtual machine (192.168.239.1) and uses this IP address for any DNS request on my virtual host. The user may override this by specifying an IP address for DNS Reply IP.

MANDIANT ApateDNS Download Link

Now go get connected!

--Claus V.
