alien Posted August 22, 2012 Report Posted August 22, 2012 NetSleuth features:A realtime overview of devices connected to a network.No requirement for hardware or reconfiguration of networks.“Silent portscanning” and undetectable network monitoring.Offline analysis of pcap files to aid in intrusion response and network forensics.Automatic identification of a vast array of device types, including smartphones, tablets, gaming consoles, printers, routers, desktops and moreSilent PortScanningMany network devices broadcast various information across the network. Often this is for ‘zero configuration’ style services, for example Apple’s Bonjour protocol. This information often contains information on the machine, and services running on that device – great information for fingerprinting.For this reason, it is possible to obtain port scanning style information completely silently. NetSleuth also does not put the network adapters into promiscuous mode, mitigating some techniques to detect sniffing network adapters.No ConfigurationNetSleuth is a 100% software solution, and will monitor traffic on switched or hubbed networks. Any Windows machine on the network can be used.Offline AnalysisA network capture from any network with consumer devices will contain a huge amount of rich broadcast traffic for analysis. NetSleuth can analyse and extract this data from .pcap files from Snort, Wireshark or other tools. It can also analyse data intercepted by Kismet (the .pcapdump) files.ProtocolsNetSleuth can extract, analyse and fingerprint devices from the following protocolsApple MDNS / BonjourSMB / CIFS / NetBiosDHCP (using the fingerbank.org resource)SSDP (as used in Microsoft Zero Config)DownloadWindows version - Download NetSleuth | NetGrab SecurityConsole version - NetSleuth Console | NetGrab SecurityUsage:python netsleuth.py -o <the name of a pcap file>python netsleuth.py -i <the name of a network adapter you want to sniff on – eg eth0> Quote
