Everyone’s favorite packet sniffer has a new stable release. Wireshark 1.2.0 has a slew of new features. They’ve included a 64-bit Windows installer and improved their OS X support. A number of new protocols are recognized, and filter selection autocompletes. One of the more interesting additions is the combined GeoIP and OpenStreetMap lookups. We’re excited about this new release, as Wireshark has proven an indispensable tool in the past for figuring out exactly what was going on on our network.
[via Lifehacker]
Now all it needs is a WEP cracker.
Totally unrelated, I just built a tater gun that shoots spuds 350 yards!
I don’t like Wireshark since it eats a lot of memory (especially when capturing a lot of packets or for a long time).
Go and try ngrep! For both Windows and *nixes.
Very handy:
ngrep -d eth0
or e.g.:
ngrep -d wlan0 dst port 21 "USER|PASS" > ftp.txt
But there really needs to be a WEP cracker for Windows.
WEP cracker? You can crack WEP in Windows with aircrack-ng. I believe if your card is supported you can also capture packets with it too, but I believe aircrack-ng discontinued Windows support a few years back. Cain & Abel also for Windows.
Go do an attack on a WEP point from an NT machine and you’ll see why nobody bothers. It takes forever without injection. I forget why, but you can’t put the chip into the mode it needs from NT without heavy reverse engineering.
I could be wrong.
The easiest way to do WEP cracking is just to get hold of a wireless card that supports packet injection, and to use a BackTrack 3/4 live CD or run it off of a USB thumb drive.
http://www.wildpackets.com/support/hardware/airopeek_12
Those are some cards; Google around and I’m sure you’ll find more.
harvie hit it on the head: Wireshark is nice for small grabs, but if you try to do large data grabs with it, forget about it.
WS is not for a huge packet-capturing safari. You certainly would not use Notepad to code a project like Firefox…
They worked on this memory usage problem:
Several memory leaks have been found and fixed.
But when you are trying to display every packet on the screen and want to be able to scroll through them, you need to keep them in memory… Using the ngrep method you put it in a file (and WS can do that too if you disable the display of packets in the GUI).
During capture, use tshark -w instead. Afterwards, to speed up handling, turn off any irrelevant protocols (however, a more restrictive capture filter might do better).
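The streaming point made above (write to a file during capture, keep only what a filter lets through, and never hold every packet resident) can be shown with the libpcap file format that tshark -w and tcpdump -w produce. The following is an added example, not code from the post or from the Wireshark project: a minimal libpcap writer, a lazy record reader that keeps one record in memory at a time, and a per-destination-port histogram where the optional port set plays the role of a restrictive capture filter. The sample frames, addresses and payloads are constructed here and carry zeroed checksums; the file layout (24-byte global header, 16-byte record headers) follows the documented libpcap format.

```python
"""Streaming pcap write/read: why a GUI that keeps every decoded packet
resident grows without bound, while writing to a file (tshark -w) does not."""
import io
import socket
import struct
from typing import BinaryIO, Iterable, Iterator, Optional, Tuple

# libpcap file format, as written by tshark -w / tcpdump -w (not pcapng).
PCAP_MAGIC = 0xA1B2C3D4                  # little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, major, minor, tz, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def write_capture(out: BinaryIO, records: Iterable[Tuple[int, int, bytes]],
                  snaplen: int = 65535) -> int:
    """Write a pcap stream record by record; returns the number of records written."""
    out.write(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    n = 0
    for ts_sec, ts_usec, frame in records:
        captured = frame[:snaplen]       # snaplen truncates; orig_len records the true size
        out.write(RECORD_HDR.pack(ts_sec, ts_usec, len(captured), len(frame)))
        out.write(captured)
        n += 1
    return n


def iter_records(inp: BinaryIO) -> Iterator[Tuple[int, int, bytes]]:
    """Lazily yield (ts_sec, ts_usec, frame); only one record is in memory at a time."""
    hdr = inp.read(GLOBAL_HDR.size)
    if len(hdr) != GLOBAL_HDR.size or GLOBAL_HDR.unpack(hdr)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file")
    while True:
        rh = inp.read(RECORD_HDR.size)
        if not rh:
            return                        # clean end of file
        if len(rh) != RECORD_HDR.size:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, _orig_len = RECORD_HDR.unpack(rh)
        frame = inp.read(incl_len)
        if len(frame) != incl_len:
            raise ValueError("truncated record body (capture cut off mid-packet)")
        yield ts_sec, ts_usec, frame


def frame_dst_port(frame: bytes) -> Optional[int]:
    """Ethernet -> IPv4 -> TCP/UDP destination port, or None if the frame is not that shape."""
    if len(frame) < 14 + 20 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length from the IHL nibble
    proto = frame[14 + 9]
    l4 = 14 + ihl
    if proto not in (IPPROTO_TCP, IPPROTO_UDP) or len(frame) < l4 + 4:
        return None
    return struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]


def dst_port_histogram(inp: BinaryIO, keep_ports: Optional[set] = None) -> dict:
    """Stream a capture and count frames per destination port. keep_ports acts like a
    restrictive capture filter: anything outside it is dropped before being counted."""
    counts: dict = {}
    for _sec, _usec, frame in iter_records(inp):
        port = frame_dst_port(frame)
        if port is None or (keep_ports is not None and port not in keep_ports):
            continue
        counts[port] = counts.get(port, 0) + 1
    return counts


def build_frame(dst_port: int, proto: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP-or-UDP frame with zeroed checksums (sample data only)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == IPPROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return eth + ip + l4


def demo() -> dict:
    """Constructed sample: 3 FTP-control, 2 HTTP and 1 DNS frame; read back keeping only ports 21/80."""
    frames = [(1, i, build_frame(21, IPPROTO_TCP, b"USER anonymous\r\n")) for i in range(3)]
    frames += [(2, i, build_frame(80, IPPROTO_TCP, b"GET / HTTP/1.0\r\n\r\n")) for i in range(2)]
    frames += [(3, 0, build_frame(53, IPPROTO_UDP, b"\x00" * 12))]
    buf = io.BytesIO()                    # stands in for the file tshark -w would write
    written = write_capture(buf, frames)
    buf.seek(0)
    return {"written": written, "by_port": dst_port_histogram(buf, keep_ports={21, 80})}


if __name__ == "__main__":
    print(demo())
```

The reader is a generator over the open file, so a multi-gigabyte capture costs the same memory as a small one; the histogram is the kind of summary that can be produced without ever decoding every frame into a scrollable list. Swap the BytesIO for `open(path, "rb")` on a real tshark -w output to run it against an actual capture.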
I use it for reversing sometimes. Like with keygens that return from a server. I can use the data to patch jumps in OllyDbg, etc.