CSniffer Command Line Network Sniffer v1.0.0.3 released

This tool acts much like a standard Ethernet network sniffer. However, unlike a traditional packet sniffer it doesn’t attempt to capture and decode all traffic but instead is geared toward discovering useful infrastructure and security-related data from the network, often from traffic not sent to or from the host system i.e. general broadcast network traffic. This data can reveal all manner of useful information, ranging from live systems on the network, hostnames, Ipv6 systems, routers and name servers, user names and passwords.

Tool requirements

CSniffer runs on Microsoft Windows systems (Windows 2000 upwards) and attempts to sniff network data in promiscuous mode. It can use one of two methods to achieve this:

  • Using Windows’ built-in raw sockets API (default).
  • Using the WinPcap packet driver.

Limitations

Other than the aforementioned requirements of running under an administrator level account, there are some severe limitations when using the built-in Windows raw sockets mode.

The Microsoft raw sockets API has several restrictions that have been introduced over the years in an effort to reduce security risks associated with low level network packet access. Depending on what platform you are running on you may find that you are limited in what data can be seen on the network. A comprehensive list of all known limitations seen on different Windows operating systems and service pack levels of those operating systems has not been compiled, but here are some known issues. Again, this only applies to Windows raw sockets mode.

  • Outgoing UDP and ICMP packets are not captured (OS, SP specific).
  • On Windows XP Sp1, XP Sp3 and Vista no outgoing packets of any kind are captured.
  • On Windows Vista with Sp1, only UDP packets are captured. TCP packets are not captured.

Post scriptum


Comments

Related Articles

CSniffer
Data Sniffer
Information Gathering