Network security tools
Tools
- Top 75 Security Tools
- arp-sk tools
- dsniff, Various tools to sniff network traffic for cleartext insecurities
- Snort, The Open Source Network Intrusion Detection System
- Scapy - Packet generator/sniffer and network scanner/discovery
- cf. the excellent article in LM52 (Linux France Magazine no. 52)
- Scapy Homepage
- Python Tutorial
- Netcat
- Penetration Testing Tip #21: netcat ( nc ) utility resources
- Netcat rules the net
- How to duplicate a complete PC via network
- Wonders of 'dd' and 'netcat' :: Cloning Operating Systems
- Netcat6 with IPv6 support
- CryptCat: Netcat with cryptography
My own recipe for partition-to-partition copy over the network (e.g. copying sdb5 from the source onto hda1 of the target):
Target (192.168.1.1):
netcat -l -p 2000 -w 5 | dd of=/dev/hda1
It will wait at most 5 seconds for a connection (-w 5), so be ready to launch the next command on the source immediately.
Source (192.168.1.2):
dd if=/dev/sdb5 conv=noerror,sync | netcat 192.168.1.1 2000
We can do better:
- See what happens: add |pipeview| or |pv| to the pipeline if you have them, to get real-time statistics on throughput.
- Without pipeview you can still make dd print its statistics by sending it SIGUSR1 periodically:
  while :; do sleep 5; killall -SIGUSR1 dd; done
- Compress on the fly: add |gzip -c| on the source and |gunzip -c| on the target.
- Compute checksums on the fly on both sides: create a fifo, tee the stream into it and md5sum the fifo.
So the complete ideal example:
Target (192.168.1.1):
mkfifo /tmp/foo
netcat -l -p 2000 -w 5 | pipeview | gunzip -c | tee /tmp/foo | dd of=/dev/hda1
# and in another window:
md5sum /tmp/foo
Source (192.168.1.2), within the next 5 secs:
mkfifo /tmp/foo
dd if=/dev/sdb5 conv=noerror,sync | tee /tmp/foo | pipeview | gzip -c | netcat 192.168.1.1 2000
# and in another window:
md5sum /tmp/foo
Note that, because of where pipeview sits relative to gzip/gunzip, it measures raw drive throughput on the source (before compression) and compressed network throughput on the target (before decompression); swap the positions if you prefer the other figures.
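As an added local demonstration of the fifo + tee + md5sum pattern above (not part of the original recipe): a plain pipe stands in for the netcat link and a scratch file stands in for /dev/hda1, so the whole source|network|target chain runs on one machine and the two on-the-fly checksums can be compared automatically. It assumes GNU coreutils (dd, md5sum, mktemp) and gzip.

```shell
#!/bin/sh
# Added demo, not the wiki's own script: runs the source and target halves of the
# recipe on one host, checksumming the stream on both sides through fifos.
verify_clone() {
    src="$1"; dst="$2"
    [ -r "$src" ] || return 1
    work=$(mktemp -d) || return 1
    mkfifo "$work/src.fifo" "$work/dst.fifo" || return 1
    # Start the checksum readers first: tee blocks until something opens the fifo for reading.
    md5sum < "$work/src.fifo" | cut -d' ' -f1 > "$work/src.md5" &
    src_pid=$!
    md5sum < "$work/dst.fifo" | cut -d' ' -f1 > "$work/dst.md5" &
    dst_pid=$!
    # Source side: dd | tee fifo | gzip  ...  target side: gunzip | tee fifo | dd
    # (conv=sync pads the last block to bs with zeros, so dst may be slightly larger than src)
    dd if="$src" bs=4k conv=noerror,sync 2>/dev/null | tee "$work/src.fifo" | gzip -c \
        | gunzip -c | tee "$work/dst.fifo" | dd of="$dst" bs=4k 2>/dev/null
    wait "$src_pid" "$dst_pid"
    s=$(cat "$work/src.md5"); d=$(cat "$work/dst.md5")
    rm -rf "$work"
    echo "source md5: $s"
    echo "target md5: $d"
    # Succeed only when both ends saw exactly the same bytes.
    [ -n "$s" ] && [ "$s" = "$d" ]
}

# Usage: ./verify_clone.sh SOURCE_FILE DEST_FILE
if [ "$#" -eq 2 ]; then
    verify_clone "$1" "$2"
fi
```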
- SoCat: Netcat on steroids, if you were amazed by netcat, you've seen *nothing*!!!
# expose a pseudo-terminal /tmp/myttyUSB0 mirrored onto the real /dev/ttyUSB0 and hex-dump (-v -x) every byte passing through
socat -v -x PTY,link=/tmp/myttyUSB0,raw,echo=0,isig=0 /dev/ttyUSB0,raw,echo=0,isig=0
Sniff over the network (remote capture on host zeus fed to a local wireshark, excluding the ssh session itself):
wireshark -N n -S -l -k -i <(ssh root@zeus tshark -w - not tcp port 22)
wireshark -N n -S -l -k -i <(ssh root@zeus tcpdump -s 1500 -w - -i lo not tcp port 22)
Others
Filtering
- IPTables Linux firewall with packet string-matching support
- Filtering packets based on string matching