SwitchSniffer 1.6
发布: 2009-8-03 21:25 | 作者: Allan | 来源: 《深圳赛佛莱特科技有限公司》技术版
SwitchSniffer is a program that can scan your switched LAN for up hosts and can reroute and collect all packets without the target users' recognition. It can also detect the ‘arpspoofer’ program running on the network and block user definable sessions like firewall. If you use this program in tandem with any sniffer program, you can capture and see the users’ IDs and passwords on a switched network.
That is, SwitchSniffer enables you to monitor all the packets and all the hosts on a switch network.
SwitchSniffer has the following features:
SwitchSniffer can poll and collect all the packets on the switched LAN.
SwitchSniffer can scan and display the active hosts on the LAN quickly, and automatically.
While spoofing ARP tables, SwitchSniffer can act as another gateway (or ip-forwarder) without other users' recognition on the LAN.
It can collect and forward packets by selecting inbound, outbound, and both to be sent to the Internet.
An ARP table is recovered automatically in about 30 seconds. But, SwitchSniffer can keep spoofing continuously by updating the target computer’s ARP table more frequently.
If one or more network interface cards are installed on a computer, you can choose which NIC you would like SwitchSniffer to scan and spoof through.
SwitchSniffer can display information about the amount of data transferred to and from the internet.
SwitchSniffer can detect if any computer on the LAN is running an ‘arpspoofer’ program.
SwitchSniffer can filter: sessions, local hosts, and remote hosts.
The installation of the ‘winpcap’ driver is not necessary for SwitchSniffer.
SwitchSniffer can manage the local hosts based on MAC Address.
SwitchSniffer can act as a plug-and-played router.
SwitchSniffer can export the data of view into an excel file.
SwitchSniffer has the following benefits:
SwitchSniffer can find the hidden hosts on the LAN, which is not found by IP-Scanners.
SwitchSniffer can find if abnormal hosts are connected to your wireless network.
SwitchSniffer protects your network from abnormal users.
SwitchSniffer can check if there are abnormal packets on the LAN.
SwitchSniffer allows you to capture user IDs, passwords, chat sessions and web sessions etc., on the switched network through the use of a sniffer application.
SwitchSniffer can block the local hosts based on MAC Address.
SwitchSniffer can resolve the problem of IP Collision.
SwitchSniffer can find out the country name by ip address on remote.
SwitchSniffer enables you to monitor all the packets on a switch network.
2. System Requirement
Local : Windows nt4/2000/xp/2003, 25MB free main memory, Network adapter which supports promiscuous mode.
Remote : All computers including network devices must support Ethernet
Local Host Info Screen.
Remote Host Info Screen.
Sessions Info Screen.
Definitions Screen.
Options Screen.
3. What's New
MAC Based Blocking.
Converting the ip address into the country name.
Export the view data into an excel file
Coloring each row items.
Employing the speed bars.
Finding out the collision of ip addresses.
4. Getting Started
1) Install this program (SwitchSniffer).
2) Select Start->Programs->SwitchSniffer->SwitchSniffer.
3) Click “Scan” button to poll which hosts are up on the local network.
4) Select the target hosts on left window, Local View, if you capture the packets from these target hosts you should ensure “Act as a router…” on Options->Spoof page is checked.
5. Known Issues
1) SwitchSniffer must be run with the administrator privileges. If not,
the program will work abnormally.
2) SwitchSniffer does not spoof communication on local network (intranet
communication), only Internet communication.
3) While spoofing, if you unplug the ethernet cable or reboot the system,
then your network is able to die for a while.
4) If you find that the network function of target computer dies:
- First, delete \windows\system32\drivers\nspacket.sys and restart
the system
- Second, ensure that a pcap device driver other than winpcap (npf.sys)
for sniffing is not installed on your system.
For example windis. If an additional driver exists, uninstall it while
using SwitchSniffer.
- Third, if your system is Windows 2003 Server or Windows 2000 Server,
and the system runs a routing service (such as RRAS) then in Options
->Spoof of SwitchSniffer, uncheck "Act as a router while spoofing."
- Fourth, switch the “Act as a Router (or Gateway) while spoofing.”
option to "With System router" Options->Spoof-> select "With System
Router" if you’re using “With Internal Router.”
- Finally, if none of the above solutions fix your problem, please send
us bug report and the problem will be investigated further.
6. Tools and Programs working with SwitchSniffer
Please contact us at support [at] nextsecurity.net to add new tools to this list.
MSN Prototocol Analyzer - Monitoring all the session of MSN Protocol including MSN commands and conversations.
Astral II - the packet capturing software
下载地址:会员FTP1(安全工具、黑软下载/sniffer/SwitchSniffer 1.6/)
That is, SwitchSniffer enables you to monitor all the packets and all the hosts on a switch network.
SwitchSniffer has the following features:
SwitchSniffer can poll and collect all the packets on the switched LAN.
SwitchSniffer can scan and display the active hosts on the LAN quickly, and automatically.
While spoofing ARP tables, SwitchSniffer can act as another gateway (or ip-forwarder) without other users' recognition on the LAN.
It can collect and forward packets by selecting inbound, outbound, and both to be sent to the Internet.
An ARP table is recovered automatically in about 30 seconds. But, SwitchSniffer can keep spoofing continuously by updating the target computer’s ARP table more frequently.
If one or more network interface cards are installed on a computer, you can choose which NIC you would like SwitchSniffer to scan and spoof through.
SwitchSniffer can display information about the amount of data transferred to and from the internet.
SwitchSniffer can detect if any computer on the LAN is running an ‘arpspoofer’ program.
SwitchSniffer can filter: sessions, local hosts, and remote hosts.
The installation of the ‘winpcap’ driver is not necessary for SwitchSniffer.
SwitchSniffer can manage the local hosts based on MAC Address.
SwitchSniffer can act as a plug-and-played router.
SwitchSniffer can export the data of view into an excel file.
SwitchSniffer has the following benefits:
SwitchSniffer can find the hidden hosts on the LAN, which is not found by IP-Scanners.
SwitchSniffer can find if abnormal hosts are connected to your wireless network.
SwitchSniffer protects your network from abnormal users.
SwitchSniffer can check if there are abnormal packets on the LAN.
SwitchSniffer allows you to capture user IDs, passwords, chat sessions and web sessions etc., on the switched network through the use of a sniffer application.
SwitchSniffer can block the local hosts based on MAC Address.
SwitchSniffer can resolve the problem of IP Collision.
SwitchSniffer can find out the country name by ip address on remote.
SwitchSniffer enables you to monitor all the packets on a switch network.
2. System Requirement
Local : Windows nt4/2000/xp/2003, 25MB free main memory, Network adapter which supports promiscuous mode.
Remote : All computers including network devices must support Ethernet
Local Host Info Screen.
Remote Host Info Screen.
Sessions Info Screen.
Definitions Screen.
Options Screen.
3. What's New
MAC Based Blocking.
Converting the ip address into the country name.
Export the view data into an excel file
Coloring each row items.
Employing the speed bars.
Finding out the collision of ip addresses.
4. Getting Started
1) Install this program (SwitchSniffer).
2) Select Start->Programs->SwitchSniffer->SwitchSniffer.
3) Click “Scan” button to poll which hosts are up on the local network.
4) Select the target hosts on left window, Local View, if you capture the packets from these target hosts you should ensure “Act as a router…” on Options->Spoof page is checked.
5. Known Issues
1) SwitchSniffer must be run with the administrator privileges. If not,
the program will work abnormally.2) SwitchSniffer does not spoof communication on local network (intranet
communication), only Internet communication.3) While spoofing, if you unplug the ethernet cable or reboot the system,
then your network is able to die for a while.4) If you find that the network function of target computer dies:
- First, delete \windows\system32\drivers\nspacket.sys and restartthe system- Second, ensure that a pcap device driver other than winpcap (npf.sys)for sniffing is not installed on your system.For example windis. If an additional driver exists, uninstall it whileusing SwitchSniffer.- Third, if your system is Windows 2003 Server or Windows 2000 Server,and the system runs a routing service (such as RRAS) then in Options->Spoof of SwitchSniffer, uncheck "Act as a router while spoofing."- Fourth, switch the “Act as a Router (or Gateway) while spoofing.”option to "With System router" Options->Spoof-> select "With SystemRouter" if you’re using “With Internal Router.”- Finally, if none of the above solutions fix your problem, please sendus bug report and the problem will be investigated further.6. Tools and Programs working with SwitchSniffer
Please contact us at support [at] nextsecurity.net to add new tools to this list.
MSN Prototocol Analyzer - Monitoring all the session of MSN Protocol including MSN commands and conversations.
Astral II - the packet capturing software
下载地址:会员FTP1(安全工具、黑软下载/sniffer/SwitchSniffer 1.6/)