It is a multipurpose sniffer/interceptor/logger for switched LANs. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Platform: Windows / *NIX / Linux / Solaris 2.x / Mac OS X
Ethereal is a network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. Ethereal can read capture files from tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, snoop, Shomiti Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, ISDN4BSD, Cisco Secure IDS iplog, the pppd log (pppdump-format), and the AG Group's/Wildpacket's Etherpeek. It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers. Any of these files can be compressed with gzip and Ethereal will decompress them on the fly.
Platform: Windows / *NIX / Linux / Solaris 2.x / Mac OS X
Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program comes in two versions because of the differences and limitations of some APIs.
Platform: Windows
It is a suite of utilities that are useful for penetration testing. It consists of the following programs: arpredirect intercepts packets from a target host on the LAN intended for another host on the LAN by forging ARP replies. findgw determines the local gateway of an unknown network via passive sniffing. macof floods the local network with random MAC addresses. tcpkill kills specified in-progress TCP connections. dsniff is a simple password sniffer which handles many protocols. mailsnarf outputs all messages sniffed from SMTP traffic in Berkeley mbox format. webspy sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time. Changes: Dsniff can now parse Microsoft SMB, Citrix ICA, Oracle SQL*Net (v2/Net8), and LDAP.
Platform: Windows / *NIX / Linux
ScoopLM captures LM/NTLM authentication information (LanManager and Windows NT challenge/response) on the network. ScoopLM supports microsoft-ds (Direct SMB hosting service; 445 NTLMSSP), Active Directory, NTLMv2 on NetBIOS over TCP/IP, Telnet, IIS (HTTP) and DCOM over TCP/IP.
Platform: Windows
HTTPLook is an HTTP sniffer, which gives a complete picture of any site at work. HTTPLook can restore the data transmitted between the local computer and the server and show the control footing and contents of the captured resources.
Platform: Windows