Search the Community

NetSleuth features: A realtime overview of devices connected to a network. No requirement for hardware or reconfiguration of networks. “Silent portscanning” and undetectable network monitoring. Offline analysis of pcap files to aid in intrusion response and network forensics. Automatic identification of a vast array of device types, including smartphones, tablets, gaming consoles, printers, routers, desktops and more Silent PortScanning Many network devices broadcast various information across the network. Often this is for ‘zero configuration’ style services, for example Apple’s Bonjour protocol. This information often contains information on the machine, and services running on that device – great information for fingerprinting. For this reason, it is possible to obtain port scanning style information completely silently. NetSleuth also does not put the network adapters into promiscuous mode, mitigating some techniques to detect sniffing network adapters. No Configuration NetSleuth is a 100% software solution, and will monitor traffic on switched or hubbed networks. Any Windows machine on the network can be used. Offline Analysis A network capture from any network with consumer devices will contain a huge amount of rich broadcast traffic for analysis. NetSleuth can analyse and extract this data from .pcap files from Snort, Wireshark or other tools. It can also analyse data intercepted by Kismet (the .pcapdump) files. Protocols NetSleuth can extract, analyse and fingerprint devices from the following protocols Apple MDNS / Bonjour SMB / CIFS / NetBios DHCP (using the fingerbank.org resource) SSDP (as used in Microsoft Zero Config) Download Windows version - Download NetSleuth | NetGrab Security Console version - NetSleuth Console | NetGrab Security Usage: python netsleuth.py -o <the name of a pcap file> python netsleuth.py -i <the name of a network adapter you want to sniff on – eg eth0>