Netsniff-Ng – A Swiss Army Knife For Your Daily Linux Network Plumbing

netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will.

Its performance gain comes from zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.

Our toolkit can be used for network development and analysis, debugging, auditing or network reconnaissance.

The netsniff-ng toolkit consists of the following utilities:

  netsniff-ng, a fast zero-copy analyzer, pcap capturing and replaying tool
  trafgen, a multithreaded low-level zero-copy network packet generator
  mausezahn, high-level packet generator for HW/SW appliances with Cisco-CLI*
  bpfc, a Berkeley Packet Filter compiler, Linux BPF JIT disassembler
  ifpps, a top-like kernel networking statistics tool
  flowtop, a top-like netfilter connection tracking tool
  curvetun, a lightweight curve25519-based IP tunnel
  astraceroute, an autonomous system (AS) trace route utility

Get it via Git:

  git clone git://github.com/netsniff-ng/netsniff-ng.git

Tools

netsniff-ng is a fast network analyzer based on packet mmap(2) mechanisms. It can record pcap files to disk, replay them and also do offline and online analysis. Capturing, analysis or replay of raw 802.11 frames is supported as well. pcap files are also compatible with tcpdump or Wireshark traces. netsniff-ng processes those pcap traces either in scatter-gather I/O or by mmap(2) I/O.

trafgen is a multi-threaded network traffic generator based on packet mmap(2) mechanisms. It has its own flexible, macro-based low-level packet configuration language. Injection of raw 802.11 frames is supported as well. trafgen is significantly faster than mausezahn and comes very close to pktgen, but runs from user space. pcap traces can also be converted into a trafgen packet configuration.

mausezahn is a high-level packet generator that can run on a hardware-software appliance and comes with a Cisco-like CLI. It can craft nearly every possible or impossible packet. Thus, it can be used, for example, to test network behaviour under strange circumstances (stress test, malformed packets) or to test hardware-software appliances for several kinds of attacks.

bpfc is a Berkeley Packet Filter (BPF) compiler that understands the original BPF language developed by McCanne and Jacobson. It accepts BPF mnemonics and converts them into kernel/netsniff-ng readable BPF "opcodes". It also supports undocumented Linux filter extensions. This can be especially useful for more complicated filters that high-level filters fail to support.

ifpps is a tool which periodically provides top-like networking and system statistics from the Linux kernel. It gathers statistical data directly from procfs files and does not apply any user space traffic monitoring that would falsify statistics on high packet rates. For wireless, data about link connectivity is provided as well.

flowtop is a top-like connection tracking tool that can run on an end host or router. It is able to present TCP or UDP flows that have been collected by the kernel's netfilter framework. GeoIP and TCP state machine information is displayed. Also, on end hosts flowtop can show PIDs and application names that flows relate to. No user space traffic monitoring is done, thus all data is gathered by the kernel.

curvetun is a lightweight, high-speed ECDH multiuser tunnel for Linux. curvetun uses the Linux TUN/TAP interface and supports {IPv4,IPv6} over {IPv4,IPv6} with UDP or TCP as carrier protocols. Packets are encrypted end-to-end by a symmetric stream cipher (Salsa20) and authenticated by a MAC (Poly1305), where keys have previously been computed with the ECDH key agreement protocol (Curve25519).

astraceroute is an autonomous system (AS) trace route utility. Unlike traceroute or tcptraceroute, it not only displays hops, but also the AS they belong to, as well as GeoIP information and other interesting things. By default, it uses a TCP probe packet and falls back to ICMP probes in case no ICMP answer has been received.

In conclusion, the toolkit is split into small, useful utilities that are not necessarily related to each other. Each program on its own fills a gap as a helper in your daily network debugging, development or audit.

Link: http://feedproxy.google.com/~r/PentestTools/~3/i86oZPByzMQ/netsniff-ng-swiss-army-knife-for-your.html

3 Best DNS Benchmarking Tools

A DNS server is responsible for translating the domain names you request into the IP address of the website. There are several DNS servers around the globe. Your ISP also provides a default DNS server that your internet connection uses. But you can use any publicly available DNS server for faster access to the Internet. We have already made a […]
The post 3 Best DNS Benchmarking Tools appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/-FtBp9g9veY/best-dns-benchmarking-tools.html

3 Best Wireshark Alternatives for Android

Wireshark is the most popular network packet analyser. It lets you see network traffic going out of and coming in to all computers on the network, so you can see anything on your network that's not encrypted. The only problem is that Wireshark is not available for Android. While most people now prefer Android […]
The post 3 Best Wireshark Alternatives for Android appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/zFUke8qjSGY/best-wireshark-alternatives-for-android.html

Metta – An Information Security Preparedness Tool To Do Adversarial Simulation

Metta is an information security preparedness tool.

This project uses Redis/Celery, Python, and Vagrant with VirtualBox to do adversarial simulation. This allows you to test (mostly) your host-based instrumentation, but may also allow you to test any network-based detection and controls, depending on how you set up your vagrants.

The project parses YAML files with actions and uses Celery to queue these actions up and run them one at a time without interaction.

Installation

See setup.md. There is also a wiki.

Running actions

The various actions live in the MITRE folder, sorted by MITRE ATT&CK phases, and also in Adversarial_Simulation.

Just run the Python script with the YAML file of your choice:

  $ python run_simulation_yaml.py -f MITRE/Discovery/discovery_win_account.yml
  YAML FILE: MITRE/Discovery/discovery_account.yaml
  OS matched windows…sending to the windows vagrant
  Running: cmd.exe /c net group \"Domain Admins\" /domain
  Running: cmd.exe /c net user /add
  Running: cmd.exe /c net user /domain
  Running: cmd.exe /c net localgroup administrators
  Running: cmd.exe /c net share
  Running: cmd.exe /c net use
  Running: cmd.exe /c net accounts
  Running: cmd.exe /c net config workstation
  Running: cmd.exe /c dsquery server
  Running: cmd.exe /c dsquery user -name smith* | dsget user -dn -desc
  Running: cmd.exe /c wmic useraccount list /format:list
  Running: cmd.exe /c wmic ntdomain
  Running: cmd.exe /c wmic group list /format:list
  Running: cmd.exe /c wmic sysaccount list /format:list

Making actions

The actions and scenarios live in the MITRE folder, sorted by MITRE ATT&CK phases, and also in Adversarial_Simulation. The most important parts are the os field and the purple_actions:

  os: tells the tool which vagrant to send the command to; *nix commands will not work on Windows
  purple_actions: an array of commands to run sequentially

Making scenarios

Scenarios are a list of paths to actions. The code will be looking for a scenario: True field and a scenario_actions list.

Example below:

Gotchas

The tool takes the string from purple_actions and encapsulates it in quotes. Therefore you need to escape any other quotes, ticks and weird shell characters in your command.

Use the output of the vagrant/celery piece to make sure things are working as they should.

Why Metta?

Metta (Pali): loving kindness, gentle friendship; a practice for generating loving kindness said to be first taught by the Buddha as an antidote to fear. It helps cultivate our natural capacity for an open and loving heart and is traditionally offered along with other Brahma-vihara meditations that enrich compassion, joy in the happiness of others and equanimity. These practices lead to the development of concentration, fearlessness, happiness and a greater ability to love.
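
The discovery run shown above issues a burst of net, dsquery and wmic commands, which is what host-based instrumentation is expected to notice. The following is an added example, not part of Metta or of the original post, of a detection that flags a host running many distinct discovery commands inside a short window; the event tuple layout, host names, threshold and window are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Tool -> regex capturing the sub-command, for the discovery commands in the run above.
PATTERNS = {
    "net": re.compile(r"\bnet1?(?:\.exe)?\s+(group|user|localgroup|share|use|accounts|config)\b", re.I),
    "dsquery": re.compile(r"\bdsquery(?:\.exe)?\s+(server|user)\b", re.I),
    "wmic": re.compile(r"\bwmic(?:\.exe)?\s+(useraccount|ntdomain|group|sysaccount)\b", re.I),
}

def discovery_key(cmdline):
    """Return a normalised 'tool verb' key for a discovery command line, else None."""
    for tool, rx in PATTERNS.items():
        m = rx.search(cmdline)
        if m:
            return f"{tool} {m.group(1).lower()}"
    return None

def find_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """events: (iso_timestamp, host, cmdline) tuples (assumed layout).
    Returns {host: n}, n being the most distinct discovery commands seen on
    that host inside any one window, for hosts where n >= threshold."""
    per_host = defaultdict(list)
    for ts, host, cmd in events:
        key = discovery_key(cmd)
        if key:
            per_host[host].append((datetime.fromisoformat(ts), key))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window start forward
            best = max(best, len({k for _, k in hits[start:end + 1]}))
        if best >= threshold:
            alerts[host] = best
    return alerts

# Constructed sample process-creation events (not real logs).
SAMPLE = [
    ("2024-01-01T10:00:00", "win-vagrant", r'cmd.exe /c net group "Domain Admins" /domain'),
    ("2024-01-01T10:00:01", "desk-01", r"net use Z: \\fs01\share"),
    ("2024-01-01T10:00:02", "win-vagrant", "cmd.exe /c net user /domain"),
    ("2024-01-01T10:00:04", "win-vagrant", "cmd.exe /c net localgroup administrators"),
    ("2024-01-01T10:00:06", "win-vagrant", "cmd.exe /c dsquery server"),
    ("2024-01-01T10:00:08", "win-vagrant", "cmd.exe /c wmic useraccount list /format:list"),
    ("2024-01-01T10:00:10", "win-vagrant", "cmd.exe /c wmic ntdomain"),
    ("2024-01-01T10:05:00", "desk-01", "ipconfig /all"),
]
```

Counting distinct commands rather than raw matches keeps a login script that repeats a single net use from tripping the rule.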

Link: http://feedproxy.google.com/~r/PentestTools/~3/bd9ufgk8P0Y/metta-information-security-preparedness.html

15 Best Free DNS Servers For Faster Internet Speed

Every website on the Internet gets a unique IP address. But remembering IP addresses was not easy for human beings, so they started using domain names. For example, you need to type google.com to access it. Imagine if you needed to remember its IP address. That could be impossible. The Internet still works on IP […]
The post 15 Best Free DNS Servers For Faster Internet Speed appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/yqie-uef6eI/best-free-dns-servers-for-faster-internet-speed.html