'CORE IMPACT'에 해당되는 글 3건
Immunity Canvas는 수백 여개의 유효한 공격코드와, 자동화된 공격 시스템, 그리고 전세계의 모의해킹 테스터와 보안 전문가를 위한 광범위하고 신뢰할 수 있는 공격코드 개발 프레임워크를 만듭니다.
Immunity라는 회사에서 개발한 자동화된 Penetration Testing 프로그램입니다. 일명 자동 해킹공격 수행 프로그램입니다.
현재까지 개발된 것은 15가지 취약점에 대한 Exploiting까지 가능합니다.
기존의 취약점 스캐너들이 취약점 존재 여부만을 알려주지만, CANVAS는 취약점을 이용해서 실제로 시스템 침투까지 자동적으로 수행해 주는 특징이 있습니다.
프로그램만 구동해주면 툴이 알아서 취약점을 찾고 공격해서 시스템 권한을 획득해 줍니다. 기능이 기능인 만큼 돈 받고 파는 소프트웨어 입니다. 가격은 US $995입니다. 이것과 유사한 것으로 Metasploit 프로젝트도 있습니다. 상용으로는 Core impact 라는 툴이 있는데 상당히 고가입니다.
1) CANVAS 구동 초기화
2) CANVAS CLI 모드에서 해킹에 성공한 화면
3) 취약점 모듈
4) 취약점 모듈을 통해 자동공격 실행
As you can imagine I spend a good portion of my time keeping a close watch on the movements of website vulnerability assessment market. Part of that requires identifying the different players, who is really offering what (versus what they say they do), how they do it, how well, and for how much. Most of the time it is easier said than done, parsing vague marketing literature, and it is never "done." Every once in a while I post a chart listing the notable SaaS/Cloud/OnDemand/Product vendors and how some of their key features compare, not so much in degree, but at least in kind. If anything is missing or incorrect, which there probably is, please comment and I’ll be happy to update.
출처 : http://jeremiahgrossman.blogspot.com/
This is a partial list of WinPcap-based tools. We add a program when we come across it on the network, or when the developer tells us about its availability.
Please contact us at winpcap-team [at] winpcap.org to add new tools to this list.
Wardriving utility for Windows.
AirSnare is an intrusion detection system to help you monitor your wireless network.
Analyzer is a fully configurable Network Analyzer for Win32. It includes several functionalities that are needed by network management operator. Analyzer is based on WinPcap and it is able to capture packets on most Win32 platforms (and link-layer technologies). Analyzer 3.0 comes out with some event logging, LAN monitoring and traffic monitoring capabilities. However, Analyzer 3.0 most valuable point is the ability to parse network packets according to the protocol description contained into some external files, which can be modified at run-time by the user.
Archaeopteryx is a Passive mode OS Identification Tool. It is based off Siphon v.666 by SubTerrain. It has a GUI and a highly configurable OS signature file.
ARP0c is an ARP redirector and bridging engine. ARP requests from various sources in a switched environment get false ARP response which point to the host running ARP0c. Packets from these hosts are bridged to the real destination address to allow normal network operation and keep TCP connections alive.
The Asn1Browser analyzer decodes ASN1 binary data and provides an advanced display for the user.
assniffer can monitor a network, and for every HTTP transfer it sees, save a copy of the transferred data.
BillSniff is a free (freeware) sniffer under MS Windows.
Bit-Twist is a simple yet powerful WinPcap-based Ethernet packet generator. It is designed to compliment WinDump, which by itself has done a great job in capturing network traffic. With Bit-Twist, you can now regenerate the captured traffic onto a live network! Packets are generated from windump trace file (.pcap file). Bit-Twist also comes with a comprehensive trace file editor to allow you to change the contents of a trace file.
Blackart for Windows is a sniffer for personal users. It captures all or specified packets at Data Link Layer. It can also parse and explain the headers of Ethernet, IP, TCP, UDP and ICMP.
Bochs is a highly portable open source IA-32 (x86) PC emulator written in C++, that runs on most popular platforms. It includes emulation of the Intel x86 CPU, common I/O devices, and a custom BIOS.
Busted! records AOL instant message conversations, web sites visited, applications used, keystrokes and takes periodic screen shots.
Cable traffic monitoring tool.
- Cain & Abel
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.
Carnivore is a surveillance tool for data networks. At the heart of the project is CarnivorePE, a software application that listens to all Internet traffic (email, web surfing, etc.) on a specific local network. Next, CarnivorePE serves this data stream to interfaces called "clients." These clients are designed to animate, diagnose, or interpret the network traffic in various ways.
- cdpr - Cisco Discovery Protocol Reporter
cdpr is used to decode a Cisco Disovery Protocol (CDP) packet, by default it will report the device ID, the IP Address (of the device), and the port number that the machine is connected to. Optionally it will decode the entire CDP packet.
parental control software.
CHScanner allows you to scan in "style" from Windows XP SP2 and higher OS. It is IPv4 and IPv6 enabled, it has a skinnable interface and it has the ability to mimic various operating systems. Last but not least, it has many scanning methods.
Cooperative Linux is the first working free and open source method for optimally running Linux on Microsoft Windows natively. More generally, Cooperative Linux (short-named coLinux) is a port of the Linux kernel that allows it to run cooperatively alongside another operating system on a single machine. For instance, it allows one to freely run Linux on Windows 2000/XP, without using a commercial PC virtualization software such as VMware, in a way which is much more optimal than using any general purpose PC virtualization software.
- CORE IMPACT
Automated, comprehensive penetration testing product for assessing specific information security threats to an organization.
daSniff is an open source customizable sniffer for win32 systems. It helps you to log your LAN traffic by specifying packet rules as filters.
- Deep Network Analyzer (DNA)
DNA is an open, flexible and extensible deep network analyzer (software server) and architecture for gathering and analyzing network packets, network sessions and applications protocols, passively off enterprise class networks. DNA is designed to be used for Internet Security, Intrusion detection, Network Management, Protocol and Network Analysis, Information Gathering, Network Monitoring applications.
dsniff is a collection of utilities to aid in sniffing network data.
- EffeTech HTTP Sniffer
EffeTech HTTP Sniffer is a HTTP protocol network sniffer, packet analyzer and file rebuilder based on Windows platform. Unlike most other sniffers, it is dedicated to capture IP packets containing HTTP protocol and to rebuild the HTTP communications and files sent through HTTP protocol.
- Engage Packet Builder
Scriptable libnet-based packet builder for Windows platform.
EtherSnoop is a basic network sniffer, that can capture all packets going through the network. It lists the captured data in real-time, using an easy-to-understand interface with a hex and text display of the packet content. EtherSnoop also offers basic filtering by protocol type and a tree-style packet explorer. The output can be saved to file and reloaded later if needed.
Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.
- FAP Guard
FAP Guard allows DirecPC and DirecWay users to monitor their Fair Access Policy ( FAP ) download level, thus preventing them from getting throttled or disconnected. You might also find this application useful if you are paying for download, or have a download limit imposed by your ISP. It provides some interesting network traffic statistics as well.
The Fanfare Group delivers one-click test automation™ for communication equipment manufacturers who need to reduce their time to market and improve product quality.
FramePad is a Windows based packet sniffer and protocol analyzer, designed from the ground up with ease and functionality in mind. It allows you to examine data from a live network or from a capture file on disk.
FTPXerox grabs files that are transferred across the network using the FTP protocol. It implements a full end-to-end TCP re-assembly engine that watches for FTP transfers.
- Gamer's IPX Tunnel (GIT)
GIT is a freeware utility to link LANs together over the internet for IPX-based network gameplay. It can also be used to bridge many configurations of IPX packets and frames from once point to another.
- GIPS IP Network Simulator
The GIPS IP Network Simulator is a software tool that allows the user to emulate network behavior by delaying and/or dropping packets in an IP-network. Installed in a laptop it can be placed between two LAN’s, two gateways, or any two IP devices and simulate the network conditions experienced by the two end-points.
- Hammer Call Analyzer
The Hammer Call Analyzer enables users to visualize signaling and voice quality problems in VoIP networks. For example, the unique call list and multistage call flow display features walk engineers through the legs of a particular call. In addition, the Hammer Call Analyzer displays waveforms and the Stream Quality Signature for any call.
HiDownload is a multi-threaded download manager that allows you to download individual files (or lists of files) from web and FTP.
Honeyd is a small daemon that creates virtual hosts on a network that enhances network security by providing "honeypot" decoys that enable network security officers to detect, monitor, and contain unauthorized network activities without the intruder knowing they are being tracked.
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
- HTTP snoop
A simple but functional HTTP sniffer application. It will display a few basic information about every "HTTP packet" that it sees on the NIC and decode all basics authentication header entries it finds (both for proxies and for web sites). It will also write everything in the HTTP request that is both in the same packet and before the firs null char.
View web traffic between browser and any Internet server. HttpTracer is a windows program that runs as a proxy server on your desktop, catching and displaying all textual commands and data sent and recieved by a web browser.
A Java wrapper for WinPcap. It allows Java code to access to the WinPcap (and libpcap on UNIX) calls.
- IM Sniffer
Intercepts and decodes all instant message traffic received by the computer. A high performance engine delivers real time message decryption. Conversations can be viewed immediately or saved for later analysis. Freeware.
iNetWatcher© is based on Winpcap, may fully monitor the Internet activity of staff or students, record the E-mail transmitting through the Internet and Web Page; monitor the various real-time chatting messages and IM files sent; monitor the register table, hard disk, system information of the employee's computer; monitor FTP; monitor net flow of all staff.
Trace TCP/UDP Packets on your workstation. View packets in a logical sequence, with requests and responses grouped into conversations (showing the resulting response times). Set filters for tracing. View headers and data in text or HEX format.
Internet/Network Ip address & data packet monitor.
- IP Sniffer
Windows 2000/XP packet sniffer with replay function.
- ItCan.Net Monitor
ItCan.Net Monitor is a bandwidth analysis utility. Besides giving a graphical illustration of the bandwidth usage on your computer or the network it resides, you get a list of all incoming and outgoing connections.
Kolsniffer contains a component to write very small self-contained WinPcap applications with Delphi and the Key Object Library framework. The source code is a translation of the Tsniffer class that Umar Sears wrote earlier. The source code is freeware, with the permission of the original author. It was written by Thaddy de Koning. The zip filecontains a demo with sources, that illustrates how to use the component. The Key Object Library framework itself is available from http://bonanzas.rinet.ru
LaBrea@Home is a version of the original network administrator's tool "LaBrea" for home use. LaBrea is a way to combat both port scanners and worms such as Code Red and Nimda. The original network administrator's "LaBrea" creates phantom machines which hold scanners and worms in a sort of "tarpit", luring them in, and holding onto their communications with what they think are real machines.
- LeetGeek ICMP Tunneler
An ICMP tunneling program.
Libnet is a high-level API (toolkit) allowing the application programmer to construct and inject network packets. It provides a portable and simplified interface for low-level network packet shaping, handling and injection.
Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection.
lwIP is a small independent implementation of the TCP/IP protocol suite. The focus of the lwIP TCP/IP implementation is to reduce the RAM usage while still having a full scale TCP.
- MSN Protocol Analyzer
MSNProtocol Analyzer(MSNPAnalyzer) is a network utility that can monitor (or capture, monitor) the sessions of MSN Protocol.
If you use this program in conbination with SwitchSniffer program, you can capture and see all the MSNP sessions including conversations and MSN commands
- MSN Webcam Recorder
MSN Webcam Recorder is a tool that allows you to record video streamed to and from your computer by MSN Messenger's Webcam Feature.
myNetMon is windows based network monitor and packet analyzing (sniffer).
Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script.
- Net::Pcap for Win32
A Perl interface to the libpcap library. Net::PcapUtils is available on the same site.
NETI@home is an open-source software package that collects network performance statistics from end-systems. It has been written for and tested on the Windows, Linux, and Solaris operating systems, with testing for other operating systems to be completed soon. NETI@home is designed to run on end-user machines and will collect various statistics about Internet performance. These statistics will then be sent to a server at the Georgia Institute of Technology (Georgia Tech), where they will be collected and made publicly available.
NetCalibrator offers statistical analysis of captured data in support of performance analysis. The approach being used provides ability to quantify performance issues for small as well as large (>500,000) number of packets.
NetPredictor offers monitoring and prediction of application performance. It enables you to build, or to interactively discover, the path between an application user and the server.
- netwib, netwox and netwag
Netwib provides sniff, spoof, client, server and most functions needed by network programs. Toolbox netwox helps to find and solve networks' problems. Netwag is a graphical network toolbox. Netwox and netwag contain over 150 tools.
NetWitness gives an organization the ability to quickly understand and respond to network activity of interest, regardless of the device provisioning the data or the application producing the packets.
- Network packet generator
Network Packet Generator (npg) is a free GNU GPL Windows packet injector (generator) that utilizes WinPcap to send specific packets out a single or multiple network interfaces. These packets and other extended options can be defined on the command line, in a packet file, or combination of the two.
Determine vulnerabilities on your network through passive monitoring much like a sniffer. NeVO dynamically learns about your servers, services and vulnerabilities by performing signature and protocol analysis of the observed network sessions.
Easy-to-use windows vulnerability scanner based on Nessus technology. NeWT installs on any Windows 2000 or Windows XP computer and can quickly scan several thousand hosts for vulnerabilities and produce detailed vulnerability reports.
Ngrep strives to provide most of GNU grep's common features, applying them to the network layer
Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), and TCP/IP fingerprinting (remote host operating system identification). Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, sunRPC scanning, reverse-identd scanning, and more.
ntop is a tool that shows the network usage, similar to what the popular top Unix command does.
- Nuzzler IDS
The Securepoint Intrusion Detection System (Nuzzler) allows to analyse the network for intrusion detection. Nuzzler can detect possible attacks, viruses, trojans and other bad traffic.
- P2P WatchDog
P2P WatchDog is a network sniffer which can monitor and block several Peer-to-Peer file transfer protocols, including FastTrack, Gnutella, DirectConnect, EarthStation5, eDonken, Filetopia, BitTorrent, MP2P, and Overnet.
Packet capture and analyzer program. The source contains a C# reimplementation of the packet.dll WinPcap library.
- Packet Excalibur
A multi-platform graphical and scriptable network packet engine with extensible text based protocol descriptions.
Its an ActiveX for use with Visual Basic that wraps the function exported by the WinPcap API (packet.dll).
PacketX is set of ActiveX classes that integrate winpcap packet capture functionality with Visual Basic or any other programming environment supporting Microsoft ActiveX technology.
Pcapy is a Python extension module that interfaces with WinPcap/libpcap. Pcapy enables python scripts to capture packets on the network.
Packetyzer is a Windows user interface for the Ethereal packet capture and dissection library.
Sitraka PerformaSure allows J2EE development teams to identify sources of performance problems within an assembled application. PerformaSure coordinates the collection of performance metrics for any given transaction, following the path of execution from the initial HTTP request through load balancers, application servers, to the database and back again.
- PI IT Monitor
PI IT Monitor collects real-time information regarding the performance of various elements that compose an IT infrastructure. But in addition to collecting real-time values, PI IT Monitor archives such data and makes them available for use in reporting, analysis, troubleshooting, and decision making.
- Pikachu JPEG Sniffer
Pikachu is a networks sniffer to sniff the JPEG images flowing in the local wired/wireless Ethernet network.
PingPlotter is a network troubleshooting and diagnostic tool. It uses a combination of traceroute, ping, and whois to collect data quickly, and then allows you to continue to collect data over time to give you the information you really need to identify problems (both short-term and long-term trends).
Software for remotely monitoring computers on local networks to locate network interfaces operating in a promiscuous mode.
A TCP port scanner.
- PSentry Internet Policy Guard & Surveillance
PSentry sniffs network traffic at gateway point, captures and records user activites like web surf, emails, web submissions, instant messager sessions (AOL aim, MSN, ICQ, Yahoo, QQ, googletalk). It can log or block ftp, p2p file transfers. PSentry deloys different Internet policies by IP/MAC address or by user, to controls which resource or servce is permited or blocked on a LAN.
- Pseud IP Masquerade
Pseud IP Masquerade is a Windows application and NT/2000 Serivce, that has some basic functions of "IP Masquerade".
simplified object-oriented Python extension module for libpcap - the current tcpdump.org version, the legacy version shipping with some of the BSD operating systems, and the WinPcap port for Windows.
rawstuff is a toolkit for totally raw (MAC level and with no TCP/IP installed) send and receive on Windows.
- Show Traffic
Show Traffic monitors network traffic on the chosen network interface and displays it continuously. It could be used for locating suspicious network traffic or to evaluate current utilization of the network interface.
SIMH is a highly portable, multi-system simulator.
Sniphere is an another network wiretapping program for Windows using winpcap. Nevertheless, Sniphere is a pretty handy program with a lot of possibilities which most of free sniffers do not have.
SmartSniff allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP.) or as hex dump.
Snoop is component library encapsulating WinPcap used in Delphi.
SnoopAnalyzer Standard is a network protocol analyzer based on network data capturing technology under Microsoft Windows platforms(95/98/Me/2000/NT/XP).
SnoopMSNBlock is a software to block MSN messenger service used in your company.
SnoopNetCop Standard is a program that can detect possible packet sniffing attack on your network.
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
Snot is an arbitrary packet generator, that uses snort rules files as its source of packet information. It can be used as an IDS evasion tool, by using specific decoy hosts, or just something to keep your friendly IDS monitoring staff busy.
SOAPscope is a Web services diagnostic system that collects and analyzes information about SOAP and WSDL by monitoring communications among SOAP endpoints.
ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.
- STINGA NGN Monitor
Protocol analyser focusing on SS7oIP from Utel Systems. Protocols like ISUP (ITU, ANSI, UK), SCCP, TCAP, MAP, INAP, CAP/CAMEL, SMS, IS-41, Megaco/H.248, MGCP, SIP, SDP, RTP, SIP-T (ITU, ANSI, UK, DPNSS/DASS2), SCTP, M2PA, M2UA, M3UA, SUA, IAU, DUA, V5UA, TCP, UDP, IP and others are decoded in detaild by this product.
- STINGA SIP Simulator
Protocol simulator for SIP and SDP protocol testing.
This product from NetQoS analyzes application response times without the need to deploy client-side agents.
TCPKillNT is a TCP connection "Reset" utility for Microsoft Windows NT platforms. It has the ability to send RST packets to already established TCP connections. Quite deadly on a LAN. It is very useful for IDS kind of products which need to terminate a TCP session.
ting is an OSI layer 4 connectivity assurance tool. It supports UDP multicast, unicast and TCP/IP. It makes use of the packet capture library to perform passive multicast monitoring.
Borland C++ Builder wrapper for WinPcap. Comes with a sample application.
TraceDet is a Traceroute Detector for Windows NT. Basically, it detects and logs if somebody trace routes to your host. The idea is that when somebody traces to your host, you receive IP packets with TTL value equal to 1. So, TraceDet looks out for such packets.
tracetcp is a command line traceroute utility for WIN32 that uses TCP SYN packets rather than ICMP/UDP packets that the usual implementations use, thus bypassing gateways that block traditional traceroute packets.
MZL & Novatech TrafficStatistic shows the consumed traffic volume comfortably in system tray.
A tool to measure network traffic by service (FTP, mail, news, web, UDP etc)
TrafMeter is an utility for accounting and realtime monitoring of Internet traffic to and from a local network. It includes flexible filter engine, extensive logging facility and friendly user interface.
uIP is an implementation of the TCP/IP protocol stack intended for small 8-bit and 16-bit microcontrollers. It provides the necessary protocols for Internet communication, with a very small code footprint and RAM requirements - the uIP code size is on the order of a few kilobytes and RAM usage is on the order of a few hundred bytes.
- Unsniff Network Analyzer
Unsniff features brand new visualization of packet data, advanced reassembly capabilities, full stream monitoring and several other enhancements over the current crop of network analyzers. What really sets Unsniff apart is its Scripting capabilities. Unsniff allows you to write your own network analysis scripts using the Ruby scripting language.You can also write powerful protocol handlers and other types of plugins using XML and/or C++. Unsniff is even available in Japanese.
- Url Snooper
Url Snooper is a a program written to help users locate the urls of audio and video files so that they can be recorded.
VB.PCAP is an "Open Source and completely free" packet capture library for Visual Basic (tested on VB5 and VB6, not tested on VB.NET) based on Winpcap. The library exposes a set of APIs, that wrap aroud Winpcap using the _stdcall convention. The library is the foundstone for a network analyzer in VB.
- Viper Chat
ViperChat is a FREE LAN chat client compatible with Vypress Chat™ protocol version 1.93. It uses UDP communication over WinPcap.
- Warp Pipe
Warp Pipe is free software that runs on your PC or Mac and is available for Windows, Mac OSX, Linux, and BSD operating systems. While running on your PC or Mac, Warp Pipe allows you to play LAN-enabled Nintendo GameCube games over the Internet with other GameCube gamers.
Watt-32 is a library for making networked TCP/IP programs in the language of C and C++ under DOS and Windows-NT.
Websnurf is a small application that follows a user web-surfing; that is to say, as you run WebSnurf on your PC, you can pursue web-surfing movements made on another PC. Obviously, you have to be connected over the same LAN.
Win32::NetPacket is an Object-Oriented interface to the WinPcap packet.dll library.
- Windows ARP Spoofer
Windows ARP Spoofer (WinArpSpoof) is a program that can scan the computers including network devices and can spoof their ARP tables on local area network and can act as a router while pulling all packets on LAN.
- Windows Toolbox
The Windows Toolbox is a comprehensive collection of software and information for Windows - a toolbox of high quality applications and utilities for a wide array of functions, all freely re-distributable and under Free, Open Source, Freeware, Shareware or similar licences; documents on installing, configuring and maintaining Windows and various software applications, for stability, performance, usability and security.
WinDump is the Windows version of the famous tcpdump Unix tool. It's developed and maintained by the WinPcap team.
Winfingerprint is a Win32 Host/Network Enumeration Scanner. Winfingerprint is capable of performing SMB, TCP, UDP, ICMP, RPC, and SNMP scans.
WinPcapArp is ARP client library that works on Windows OS(NT and 2000). The main purpose of this library is to get a MAC address of the target ethernet NIC with the IP address.
WinPcapDhcpCD is a DHCP client demon library that works on Windows OS (NT and 2000). The purpose of this library is to get more than one IP addresses in your application program.
WinSniff is an application for capturing packets on the network. It displays all the packets that are transmitted on the local network and gives detailed information about each header in the packet.
WinWhif allows any PC running Windows (95, 98, NT or 2000) to record the DICOM traffic between two machines on the same network. It can be useful in diagnosing DICOM communications problems.
Wireshark (formerly known as Ethereal) is the world's most popular network analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver.
YATT is a project to replace the current proliferation of trace tools ( tcpTrace, proxyTrace, pcapTrace ), with a single extensible tracing tool. YATT features a new GUI built with WTL, complete with a Hex View mode, and currently ships with 2 Trace providers, one based on WinPCAP and one based on the W2K Raw sockets support.
York logs ip/fqdn addresses if all traffic. It can save sniffed http and ftp files. Also you can sniff for HTTP, FTP, POP3, SMTP, SMB, VNC and AIM password/hash. Further you can see the web browsing from other users, so your browser will show the same pages as the selected user. A screensaver is included, it shows the pictures which are sniffed in a slide show manner.
출처 : http://blog.naver.com/java2core