Network Mapping


        The network mapping directory contains software for exploring and
        documenting the layout of a network, traffic paths through a network,
        services provided by machines on a network, and performance between
        nodes on a network.

          o amap
            Amap is a next-generation scanning tool that identifies
            applications and services even if they are not listening on the
            default port by creating a bogus communication.
            

          o arping
            Broadcasts a who-has ARP packet on the network and prints answers.
            Very useful when you are trying to pick an unused IP for a net that
            you don't yet have routing to.
            

          o cheops
            Cheops is a network "swiss army knife". It's "network neighborhood"
            done right (or gone out of control, depending on your perspective).
            It's a combination of a variety of network tools to provide system
            administrators and users with a simple interface for managing and
            accessing their networks. Additionally, cheops has taken on the
            role of a network management system, in the same category as one
            might put HP Openview.
            

          o clink
            clink (Characterize Links) is a utility I wrote that does the same
            thing as pathchar -- it estimates the latency and bandwidth of
            Internet links by sending UDP packets from a single source and
            measuring round-trip times. The basic mechanism is similar to ping
            and traceroute, except that clink generally has to send many more
            packets.
            

          o dnstracer
            dnstracer determines where a given Domain Name Server (DNS) gets
            its information from, and follows the chain of DNS servers back to
            the servers which know the data.
            

          o domtools
            domtools allows you to traverse DNS domain hierarchies, list all
            hosts (or subdomains) within a given domain, convert host name to
            IP address and vice-versa, convert a normal IP address to the
            "in-addr.arpa." format and vice-versa, and more. These commands can
            be used manually, or included as building blocks for higher level
            DNS tools. They generate output that is easily computer parsable.
            

          o filterrules
            Filterrules is a program which allows you to determine the rules of
            a firewall in a very reliable way. It is made up of two parts: a
            "master", in charge of forging several IP packets, and a "slave",
            which listens on the other side of the firewall and tells the
            master which packets passed through. At the end of the test,
            the firewall rules are displayed in the ipfw format.
            

          o firewalk
            Firewalking is a technique developed by Mike D. Schiffman and David
            E. Goldsmith that employs traceroute-like techniques to analyze IP
            packet responses to determine gateway ACL filters and map networks.
            Firewalk, the tool, employs the technique to determine the filter
            rules in place on a packet forwarding device.
            

          o fping
            fping is a ping like program which uses the Internet Control
            Message Protocol (ICMP) echo request to determine if a host is up.
            fping is different from ping in that you can specify any number of
            hosts on the command line, or specify a file containing the list
            of hosts to ping.
            

          o gps
            gps (ghost port scan) is a port scanner and firewall rules
            disclosure tool that uses IP spoofing, ARP cache poisoning and
            other methods in order to collect information on a host while
            inserting misleading information into any IDS watching the host or
            network that is being scanned.
            

          o hping
            hping is a command-line oriented TCP/IP packet assembler/analyzer.
            The interface is inspired by the ping(8) unix command, but hping
            isn't only able to send ICMP echo requests. It supports TCP, UDP,
            ICMP and RAW-IP protocols, has a traceroute mode, the ability to
            send files over a covert channel, and many other features.
            While hping was mainly used as a security tool in the past, it can
            be used in many ways by people who don't care about security to
            test networks and hosts.
            

          o mtr
            mtr combines the functionality of the 'traceroute' and 'ping'
            programs in a single network diagnostic tool. As mtr starts, it
            investigates the network connection between the host mtr runs on
            and a user-specified destination host. After it determines the
            address of each network hop between the machines, it sends a
            sequence of ICMP ECHO requests to each one to determine the quality of
            the link to each machine. As it does this, it prints running
            statistics about each machine.
            

          o NBTScan
            NBTscan is a program for scanning IP networks for NetBIOS name
            information. It sends a NetBIOS status query to each address in
            the supplied range and lists the received information in human
            readable form. For each responding host it lists IP address, NetBIOS computer
            name, logged-in user name and MAC address.
            

          o NetPerf
            Netperf is a benchmark that can be used to measure the performance
            of many different types of networking. It provides tests for both
            unidirectional throughput, and end-to-end latency. The environments
            currently measurable by netperf include TCP and UDP via BSD
            Sockets, DLPI, Unix Domain Sockets, Fore ATM API, HP HiPPI Link
            Level Access.
            

          o nmap
            Nmap ("Network Mapper") is an open source utility for network
            exploration or security auditing. It was designed to rapidly scan
            large networks, although it works fine against single hosts. Nmap
            uses raw IP packets in novel ways to determine what hosts are
            available on the network, what services (ports) they are offering,
            what operating system (and OS version) they are running, what type
            of packet filters/firewalls are in use, and dozens of other
            characteristics. Nmap runs on most types of computers, and both
            console and graphical versions are available.
            

          o p0f
            p0f is a passive OS fingerprinting utility that can identify a
            remote machine from just the TCP SYN packet of an incoming
            connection. p0f can also detect the type of network the remote
            machine is connected to, will often detect NAT, firewall presence,
            and even the name of the remote machine's ISP, all without
            generating any network traffic. Now integrated into OpenBSD's "pf"
            packet filter.
            

          o pchar
            pchar is a tool to characterize the bandwidth, latency, and loss of
            links along an end-to-end path through the Internet. It is based on
            the algorithms of the pathchar utility written by Van Jacobson,
            formerly of Lawrence Berkeley Laboratories.
            

          o siphon
            The Siphon Project is a passive network mapping software suite.
            This software has the ability to map network information including
            port information, operating system detection, topology mapping,
            vulnerability analysis and network usage statistics without sending
            out a single packet.
            

          o winfingerprint
            Winfingerprint is an application to fingerprint a computer
            running Windows, providing information about the OS itself, what
            services it is running, lists of users, shares, transports,
            sessions, service packs and hotfixes in place, date and time, disks
            etc.
            

          o xprobe
            Written and maintained by Fyodor Yarochkin and Ofir Arkin, Xprobe
            (I & II) is an active OS fingerprinting tool based on Ofir Arkin's
            ICMP Usage In Scanning Research project. Xprobe is an alternative
            to some tools which are heavily dependent upon the usage of the TCP
            protocol for remote active operating system fingerprinting.
            


        (Note: This list of software and information available at Wiretapped is
        not exhaustive. Users are encouraged to browse and search the archive
        and read the "-README.txt" files where they are available.)