Softpanorama
May the source be with you, but remember the KISS principle ;-)
Ethereal is a free network protocol analyser for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk (useful for BlackIce Evidence Files). You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
Forensic Toolkit - This tool is a file properties analyzer. Examine the files on a disk drive for unauthorized activity. List files by their last access time, search for access times between certain time frames, and scan the disk for hidden files and data streams. Dump file and security attributes. Report on audited files. Discover altered ACLs. See if a server reveals too much info via NULL sessions.
GSNetScan - from Goldseal Studios. This tool allows network admins to "scan" any TCP/IP-based network for possible security holes. Two types of scan can be performed: Service Scans and Port Scans. A Service Scan searches a remote system for some of the more common services that may be running. A Port Scan scans a range of TCP/IP ports to determine which are accepting connections and could possibly be used to breach that remote system's security. GSNetScan also has a feature called Netmap, which allows you to scan a subnet to determine which nodes show up as being "alive". It is not stealthy at all, so it should only be used for "legitimate" network auditing.
Foundstone, Inc.® Strategic Security
Copyright © 1996-2007 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License (OPL). Copyright in original materials belongs to their respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Last modified: February 28, 2008