Network traffic / Tráfico de red

This Web page does not contain information about the traffic in your city but the traffic crossing your communication networks, how to analyze it, inspect it to detect its anomalies, and how to play with it and its security. As you probably supposse, it is mainly a TCP/IP oriented resource.
Esta página Web no contiene información sobre el tráfico en tu ciudad, sino sobre el tráfico que atraviesa tus redes de comunicaciones, como analizarlo, inspeccionarlo para detectar anomalías, y cómo jugar con él y con su seguridad. Como puedes suponer está orientado principalmente a TCP/IP.

Whitepapers / Artículos

ICMP Usage In Scanning Ofir Arkin July 2001

UDP Backoff Pattern Fingerprinting (IPSec - ISAKMP) Roy Hills January 2003

PSK Cracking using IKE Aggressive Mode M. Thumann, E. Rey

TCP/IP Skills Required for Security Analysts Don Parker May 17, 2004

TCP/IP Skills Required for Security Analysts (Part 2) Don Parker June 9, 2004

Detecting Worms and Abnormal Activities with NetFlow, Part 1 Yiming Gong August 2004

Detecting Worms and Abnormal Activities with NetFlow, Part 2 Yiming Gong September 2004

Software Firewalls versus Wormhole Tunnels B. Rudis, P. Kostenbader May 2005

Introduction to IPAudit Paul Asadoorian July 2005

Tools / Herramientas

netcat Hobbit Network cat for Unix, using TCP or UDP protocol (Windows )

CryptCat Farm9.com netcat enhanced with twofish encryption (Windows, BSD & Linux)

SDB Cycom Shadowinteger's Backdoor: a netcat clone (portable & strong encryption)

Project Loki daemon9, alhambra ICMP tunneling: description & implementation

redir Sam Creasey Linux TCP port redirector

nstx Florian Heinz The Nameserver Transfer Protocol: DNS tunneling

Analysis

Ethereal Gerald Combs Multi-platform graphical protocol analyzer

TcpDump V. Jacobson, C. Leres, S. McCanne Sniffer: dump traffic on a network (WinDump)

ngrep Jordan Ritter Network grep

Snort Marty Roesch The open-source network intrussión detection systems (NIDS)

tcpflow Jeremy Elson A TCP Flow Recorder

tcpstat Paul Herman Reports certain network interface statistics (like vmstat for system)

EtherApe Juan Toledo Graphical network monitor for Unix modeled after etherman

Chaosreader Brendan Gregg Trace TCP/UDP/... sessions and fetch application data from tcpdump logs

Ndiff James Levine Compares two nmap scans and outputs the differences

NWatch James Levine Sniffer and passive port scanner

Injection

Hping(2) Antirez (S. Sanfilippo) Command-line oriented TCP/IP packet assembler/analyzer

Tcpreplay Aaron Turner Pcap editing and replay tools for *NIX

Nemesis Mark Grimes, M. Schiffman Command-line network packet injection utility for Unix and Windows

PackIT Darren Bounds Packet toolkit is a network auditing tool: network injection and capture

ISIC Mike Frantzen IP Stack Integrity Checker

SendIP Mike Ricketts Commandline tool to allow sending arbitrary IP packets

Firewalk M. Schiffman, D. Goldsmith Active reconnaissance network tool to analyze IP forwarding devices

Ant Marek Wardzinski Graphical tool for building and injectionf network frames

Scapy Phil Biondi Interactive packet manipulation tool, packet generator...

Libraries

(Lib)PCAP V. Jacobson, C. Leres, S. McCanne Packet Capture library (WinPCAP)

(Lib)NET Mike D. Schiffman Packet (network) Construction library

(Lib)NIDS Rafal Wojtczuk NIDS library: IP defrag, TCP reassembly and TCP port scan detection

(Lib)radiate M. Schiffman, T. Newsham 802.11b frame assembly/injection library

(Lib)sf S. Bracken, M. Schiffman IP stack fingerprinting library

(Lib)ipg (ipgeo) Mike D. Schiffman Library for the IP2LOCATION database:geo-targeting of IP addresses

Libdnet Dug Song Provides a simplified, portable interface to several low-level networking routines

OS & Service identification

Nmap Fyodor Active OS fingerprinting (nmap -O) and version scanning (nmap -sV)

THC-Amap van Hauser (The Hackers Choice) Active application protocol detection

PADS Matt Shelton Passive network signature-based detector

Xprobe(2) Ofir Arkin, Fyodor Yarochkin Active OS fingerprinting tools based on the ICMP protocol

ISNprober Tom Vandepoel Samples TCP Initial Sequence Numbers to determine TCP/IP stack matching

Firewalling

iptables/netfilter Netfilter Core Team Network filtering, NAT and packet mangling framework inside the Linux kernel

Shorewall Tom Eastep High-level tool for configuring Netfilter

FireHOL Costa Tsaousis The iptables stateful packet filtering firewall builder

GuardDog Simon Edwards A firewall configuration utility for Linux systems

Easy Firewall Generator Scott Morizot PHP Web application that generates an iptables firewall script

IPSec

ike-scan NTA Monitor VPN Discovery and Fingerprinting tool

IKECrack Anton T. Rager Bruteforce crack for IPSec authentication

Web

IEEE OUI assignments MAC vendor codes (OUIs)

IANA Matrix IANA Matrix for Protocol Parameter Assignment/Registration Procedures

IANA Ether types List of Ethernet types, MAC vendor codes, unicast & multicast

IANA Multicast addresses List of Internet multicast addresses assignments

IANA Protocols List of protocols numbers

IANA ARP parameters List of ARP types and codes

IANA ICMP parameters List of ICMP types and corresponding codes

IANA IP parameters List of IP options and TOS parameters

IANA TCP parameters List of TCP options and checksums

IANA TCP header flags List of TCP header flags and usage

OS fingerprinting Lists of fingerprints for passive fingerprint monitoring

SANS TCP/IP Pocket Reference Guide TCP/IP and Tcpdump Flyer (cheat sheet)

SANS IPv6 TCP-IP Pocket Guide IPv6 Flyer (cheat sheet)

Lib(Pcap/dnet/net) applications and resources List of networking applications (Bill Stearns)

Sys-Security Group whitepapers IP security related research

SAR Smurf Amplifier Registry

Ethereal display filters Filtering expressions for ethereal and tethereal

BPF filters PCAP filtering expression syntax

Port numbers

IANA Port numbers List of TCP & UDP port numbers registered

Trojan port list List of common TCP & UDP trojan's ports (G-Lock)

Trojan ports list List of common TCP & UDP trojan's ports (DoShelp)

Trojan list sorted on trojan port Common trojan's ports list (various alternatives)

Trojan port list Common trojan's ports list plus other references

Trojan port list Neohapsis

ICMP Usage In Scanning	Ofir Arkin	July 2001
UDP Backoff Pattern Fingerprinting (IPSec - ISAKMP)	Roy Hills	January 2003
PSK Cracking using IKE Aggressive Mode	M. Thumann, E. Rey
TCP/IP Skills Required for Security Analysts	Don Parker	May 17, 2004
TCP/IP Skills Required for Security Analysts (Part 2)	Don Parker	June 9, 2004
Detecting Worms and Abnormal Activities with NetFlow, Part 1	Yiming Gong	August 2004
Detecting Worms and Abnormal Activities with NetFlow, Part 2	Yiming Gong	September 2004
Software Firewalls versus Wormhole Tunnels	B. Rudis, P. Kostenbader	May 2005
Introduction to IPAudit	Paul Asadoorian	July 2005

netcat	Hobbit	Network cat for Unix, using TCP or UDP protocol (Windows )
CryptCat	Farm9.com	netcat enhanced with twofish encryption (Windows, BSD & Linux)
SDB	Cycom	Shadowinteger's Backdoor: a netcat clone (portable & strong encryption)
Project Loki	daemon9, alhambra	ICMP tunneling: description & implementation
redir	Sam Creasey	Linux TCP port redirector
nstx	Florian Heinz	The Nameserver Transfer Protocol: DNS tunneling
	Analysis
Ethereal	Gerald Combs	Multi-platform graphical protocol analyzer
TcpDump	V. Jacobson, C. Leres, S. McCanne	Sniffer: dump traffic on a network (WinDump)
ngrep	Jordan Ritter	Network grep
Snort	Marty Roesch	The open-source network intrussión detection systems (NIDS)
tcpflow	Jeremy Elson	A TCP Flow Recorder
tcpstat	Paul Herman	Reports certain network interface statistics (like vmstat for system)
EtherApe	Juan Toledo	Graphical network monitor for Unix modeled after etherman
Chaosreader	Brendan Gregg	Trace TCP/UDP/... sessions and fetch application data from tcpdump logs
Ndiff	James Levine	Compares two nmap scans and outputs the differences
NWatch	James Levine	Sniffer and passive port scanner
	Injection
Hping(2)	Antirez (S. Sanfilippo)	Command-line oriented TCP/IP packet assembler/analyzer
Tcpreplay	Aaron Turner	Pcap editing and replay tools for *NIX
Nemesis	Mark Grimes, M. Schiffman	Command-line network packet injection utility for Unix and Windows
PackIT	Darren Bounds	Packet toolkit is a network auditing tool: network injection and capture
ISIC	Mike Frantzen	IP Stack Integrity Checker
SendIP	Mike Ricketts	Commandline tool to allow sending arbitrary IP packets
Firewalk	M. Schiffman, D. Goldsmith	Active reconnaissance network tool to analyze IP forwarding devices
Ant	Marek Wardzinski	Graphical tool for building and injectionf network frames
Scapy	Phil Biondi	Interactive packet manipulation tool, packet generator...
	Libraries
(Lib)PCAP	V. Jacobson, C. Leres, S. McCanne	Packet Capture library (WinPCAP)
(Lib)NET	Mike D. Schiffman	Packet (network) Construction library
(Lib)NIDS	Rafal Wojtczuk	NIDS library: IP defrag, TCP reassembly and TCP port scan detection
(Lib)radiate	M. Schiffman, T. Newsham	802.11b frame assembly/injection library
(Lib)sf	S. Bracken, M. Schiffman	IP stack fingerprinting library
(Lib)ipg (ipgeo)	Mike D. Schiffman	Library for the IP2LOCATION database:geo-targeting of IP addresses
Libdnet	Dug Song	Provides a simplified, portable interface to several low-level networking routines
	OS & Service identification
Nmap	Fyodor	Active OS fingerprinting (nmap -O) and version scanning (nmap -sV)
THC-Amap	van Hauser (The Hackers Choice)	Active application protocol detection
PADS	Matt Shelton	Passive network signature-based detector
Xprobe(2)	Ofir Arkin, Fyodor Yarochkin	Active OS fingerprinting tools based on the ICMP protocol
ISNprober	Tom Vandepoel	Samples TCP Initial Sequence Numbers to determine TCP/IP stack matching
	Firewalling
iptables/netfilter	Netfilter Core Team	Network filtering, NAT and packet mangling framework inside the Linux kernel
Shorewall	Tom Eastep	High-level tool for configuring Netfilter
FireHOL	Costa Tsaousis	The iptables stateful packet filtering firewall builder
GuardDog	Simon Edwards	A firewall configuration utility for Linux systems
Easy Firewall Generator	Scott Morizot	PHP Web application that generates an iptables firewall script
	IPSec
ike-scan	NTA Monitor	VPN Discovery and Fingerprinting tool
IKECrack	Anton T. Rager	Bruteforce crack for IPSec authentication

IEEE OUI assignments	MAC vendor codes (OUIs)
IANA Matrix	IANA Matrix for Protocol Parameter Assignment/Registration Procedures
IANA Ether types	List of Ethernet types, MAC vendor codes, unicast & multicast
IANA Multicast addresses	List of Internet multicast addresses assignments
IANA Protocols	List of protocols numbers
IANA ARP parameters	List of ARP types and codes
IANA ICMP parameters	List of ICMP types and corresponding codes
IANA IP parameters	List of IP options and TOS parameters
IANA TCP parameters	List of TCP options and checksums
IANA TCP header flags	List of TCP header flags and usage
OS fingerprinting	Lists of fingerprints for passive fingerprint monitoring
SANS TCP/IP Pocket Reference Guide	TCP/IP and Tcpdump Flyer (cheat sheet)
SANS IPv6 TCP-IP Pocket Guide	IPv6 Flyer (cheat sheet)
Lib(Pcap/dnet/net) applications and resources	List of networking applications (Bill Stearns)
Sys-Security Group whitepapers	IP security related research
SAR	Smurf Amplifier Registry
Ethereal display filters	Filtering expressions for ethereal and tethereal
BPF filters	PCAP filtering expression syntax
Port numbers
IANA Port numbers	List of TCP & UDP port numbers registered
Trojan port list	List of common TCP & UDP trojan's ports (G-Lock)
Trojan ports list	List of common TCP & UDP trojan's ports (DoShelp)
Trojan list sorted on trojan port	Common trojan's ports list (various alternatives)
Trojan port list	Common trojan's ports list plus other references
Trojan port list	Neohapsis