
View Full Version : IP Sniffer v 1.99.2.0



jellybelly
06-04-2007, 08:08 PM
IP Sniffer

IP Sniffer is a protocol analyzer that uses the XP/2K Raw Socket features. It supports filtering rules, adapter selection, packet decoding, advanced protocol description and more. Detailed information about each packet is provided in a tree-style view, and the right-click menu allows you to resolve or scan the selected source IP address. Additional features include adapter statistics, IP traffic monitoring, traceroute, ping, port scanning, TCP/UDP/ICMP spoofing options, open TCP/UDP ports attached to process, MAC address changing, and DNS/WINS/SNMP/WHOIS/DHCP queries.

More

http://erwan.l.free.fr/

File Size 5181 kb

http://erwan.l.free.fr/sniffer.zip

jellybelly
07-19-2007, 02:36 PM
IP Sniffer v1.93.4.0

Changelog

- removed : telnet server
- added : telnet proxy
- modified : replaced BorlndMM.dll for ide
- added : uses fastmm4 to debug memory leaks
- modified : mac vendor codes loader in an array instead of tstrings
- modified : mac vendor codes loaded on 1st call
- added : more ssdp queries
- modified : mac vendor codes updated
- modified : can choose subnet in map2ip window
- todo : check out IUPnPNAT
- added : upnp services
- added : dump user (using LookupAccountSid to bypass rights to enum users)
- todo : fake netbios ns
- added : default password list
- added : change service config
- todo : EnumDependentServices
- added : display all ip (ok and not ok) in ping subnet
- added : color scheme in ping subnet
- todo : fingerprinting
- todo : review timeout in tcprangescan.ScanTCPPort function


http://erwan.l.free.fr/sniffer.zip

jellybelly
08-17-2007, 07:49 AM
IP Sniffer v1.93.6.0

Changelog:

todo : check [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]\TcpTimedWaitDelay
added : local & remote devices using setupapi.dll
fixed : buffersize in wep key decrypt using cryptoapi (note : wpa psk key can be used with wpa_supplicant)
added : wep keys decrypt using wzcapi
fixed : mac dest was wrongly set to 0 in arp reply
added : ip changed notification when mode<>raw


Download:

http://erwan.l.free.fr/sniffer.zip

Baldy
09-01-2007, 11:38 PM
IP Sniffer v1.94.2.0
Download:

http://erwan.l.free.fr/sniffer.zip

jellybelly
10-30-2007, 08:55 AM
IP Sniffer 1.94.44

6527 kb

http://erwan.l.free.fr/sniffer.zip

Baldy
11-22-2007, 09:11 AM
IP Sniffer v1.95.0.2

v1.95
added : one unique service for all remote functions
added : save main form pos and size
added : one instance only
added : AD browser
modified : cleanup & compressed resources for a smaller exe (below 5mb)
todo : right click / send mail
added : mapi mail client

Download

http://erwan.l.free.fr/sniffer.zip

Baldy
12-04-2007, 04:48 PM
IP Sniffer v1.95.0.2 Build 20071203

Download

http://erwan.l.free.fr/sniffer.zip

jellybelly
01-09-2008, 05:45 PM
IP Sniffer 1.96

5847 kb

http://erwan.l.free.fr/sniffer.zip

jellybelly
02-22-2008, 05:26 PM
IP Sniffer v1.96.0.5


1.96
added : vbs script editor
modified : use tscriptcontrol to launch vbs scripts
todo : check wmi(msndis) vs GetIfEntry
added : wmi browser
added : possibility to run vbs scripts on object(s) in ad browser
added : bookmark with dynamic columns/cells
modified : ping -> check icmpsendecho<>0 (instead of =1)
added : citrix console
added : CoInitializeSecurity before run to be able to use citrix mfcom remotely
added : clientip,appname,logontime,idletime in terminal services
added : ntlm hash
added : ping -> option to retry once on ping host
fixed : ping -> bad replies were not displayed
added : up/down in snmp interfaces
added : 2 different graphviz views in snmp port mapper, plus some extra menu items
updated : refresh mac prefixes (10972 items)
added : add script option in dhcp manager
fixed : improved snmp subnet scan
fixed : ColumnClick modified when sorting (all sortorder set back to false except the clicked column)
fixed : patched comserv.pas to avoid severe crash on vista (because of tlb for msscript)
fixed : raw ip support on vista
added : oid enterprise numbers (30416 items)
updated : allocate memory for portnumbers & macaddresses on demand (2.5mb mem saved on startup)

Download:

http://erwan.l.free.fr/sniffer.zip

jellybelly
05-18-2008, 03:44 PM
IP Sniffer v1.97.0.3


Changelog:
1.97
added : savetodb/loadfromdb function in bookmark window (tested with mssql oledb, mysql odbc, excel odbc (don't forget the []))
added : database objects browser
fixed : bugs in rrdtools gui
fixed : support of double values in perfmon
added : can graph an oid value in snmpget
todo : block url's based on keywords in http proxy
added : can filter while loading a capture file

Download:

http://erwan.l.free.fr/sniffer.zip

jellybelly
06-02-2008, 05:42 PM
IP Sniffer v1.97.0.4

Standalone:

http://erwan.l.free.fr/sniffer.zip

jellybelly
06-23-2008, 07:29 AM
IP Sniffer 1.97.0.6

Download (6.44 MB)

http://erwan.l.free.fr/sniffer.zip

jellybelly
07-02-2008, 07:21 AM
IP Sniffer v1.97.0.7

Changelog

added : savetodb/loadfromdb function in bookmark window (tested with mssql oledb, mysql odbc, excel odbc (don't forget the []))
added : database objects browser
fixed : bugs in rrdtools gui
fixed : support of double values in perfmon
added : can graph an oid value in snmpget
added : block url's based on keywords in http proxy (todo : filter meta keywords)
added : can filter while loading a capture file
fixed : filter for ndis5pkt engine
fixed : capture_mode=raw by default
added : toolbarview & stayontop stored in config.ini
added : debug option in config.ini (hookwindows, hookGetProcAddress, hookmem)
modified : update to latest madexcept version 3.0h
added : arp watch
added : stp decoder
added : dot1stpporttable & stp datas
added : delete arp entry in snmp arp table
added : flood option in arp spoof
todo : mitm (handle router & victim redirection) , ipconflict (reply with ipsrc=victim & macsrc=other) attacks
added : WTSWaitSystemEvent / WTSShutdownSystem / WinStationServerPing / WTSQueryUserToken (must run as localsystem)
modified : raw_sniffer is created only on start action
fixed : print spooler is stopped/started including dependencies
added : geo locating using api.hostip.info and googlemaps


Standalone:

http://erwan.l.free.fr/sniffer.zip

jellybelly
07-10-2008, 09:24 PM
IP Sniffer v1.97.0.9

Changelog

added : savetodb/loadfromdb function in bookmark window (tested with mssql oledb, mysql odbc, excel odbc (don't forget the []))
added : database objects browser
fixed : bugs in rrdtools gui
fixed : support of double values in perfmon
added : can graph an oid value in snmpget
added : block url's based on keywords in http proxy (todo : filter meta keywords)
added : can filter while loading a capture file
fixed : filter for ndis5pkt engine
fixed : capture_mode=raw by default
added : toolbarview & stayontop stored in config.ini
added : debug option in config.ini (hookwindows, hookGetProcAddress, hookmem)
modified : update to latest madexcept version 3.0h
added : arp watch
added : stp decoder
added : dot1stpporttable & stp datas
added : delete arp entry in snmp arp table
added : flood option in arp spoof
todo : mitm (handle router & victim redirection) , ipconflict (reply with ipsrc=victim & macsrc=other) attacks
added : WTSWaitSystemEvent / WTSShutdownSystem / WinStationServerPing / WTSQueryUserToken (must run as localsystem)
modified : raw_sniffer is created only on start action
fixed : print spooler is stopped/started including dependencies
added : geo locating using api.hostip.info and googlemaps
todo : check TcpTimedWaitDelay
added : rpcap support main window


Standalone:

http://erwan.l.free.fr/sniffer.zip

jellybelly
09-15-2008, 06:57 PM
IP Sniffer v1.97.1.2


Changelog

todo : crc32 progress bar
added : can retrieve upnp contentdirectory
added : perf counters screen also displays suffix and scale for returned value
modified : lighter main lib unit, 3 new units (decode, convert, storage)
fixed : empty column in xls file would crash the bookmark window
added : loadfromdb and savetodb will keep table history

Standalone:

http://erwan.l.free.fr/sniffer.zip

jellybelly
09-29-2008, 04:49 PM
IP Sniffer v1.97.1.3

Changelog

- added : save cap file with same link type as loaded cap file
- added : find user / computer in ad browser
- added : lastlogontimestamp in ad browser
- added : update/add/delete db one item in bookmark

Standalone:

http://erwan.l.free.fr/sniffer.zip

Baldy
11-04-2008, 09:36 AM
IP Sniffer v1.98.0.1

Changelog

added : loadfromdb and savetodb will keep table history
added : save cap file with same link type as loaded cap file
added : find user / computer in ad browser
added : lastlogontimestamp in ad browser
added : update/add/delete db one item in bookmark
added : add/delete/create group & user in ad browser
added : winsock hook will display 127.0.0.1 traffic
added : winsock hook can save datas to cap file

todo : one unique mail window (mail & mapi)
todo : manage linked table in bookmark window

Standalone:

http://erwan.l.free.fr/sniffer.zip

jellybelly
12-01-2008, 06:20 PM
IP Sniffer v1.98.0.2

Changelog

added : more reports : devices, printers ports/drivers/monitors, local admins
added : reports from a list of servers
added : update line from vbs in bookmark window
added : new unit = hashes
added : SIO_RCVALL IOCTL option (to be tested against different nics)
added : modified savetreeview to be able to reload via loadlistview
added : remove column, search and replace in bookmark
fixed : winsock hook (recv functions were nulling the buffer)

todo : switch to virtual view?
todo : add mssql processes,ts services, dhcp bails to host report?
todo : winspool helper with ureport unit
todo : sid to account
todo : snmp reports for windows hosts?


Standalone:

http://erwan.l.free.fr/sniffer.zip

jellybelly
12-24-2008, 10:15 PM
IP Sniffer v1.98.0.3


Changelog:

added : loadfromdb and savetodb will keep table history
added : save cap file with same link type as loaded cap file
added : find user / computer in ad browser
added : lastlogontimestamp in ad browser
added : update/add/delete db one item in bookmark
added : add/delete/create group & user in ad browser
added : winsock hook will display 127.0.0.1 traffic
added : winsock hook can save datas to cap file
added : more reports : devices, printers ports/drivers/monitors, local admins
added : reports from a list of servers
added : update line from vbs in bookmark window
added : new unit = hashes
added : SIO_RCVALL IOCTL option (to be tested against different nics)
added : modified savetreeview to be able to reload via loadlistview
added : remove column, search and replace in bookmark
fixed : winsock hook (recv functions were nulling the buffer)

todo : switch to virtual view?
todo : add mssql processes,ts services, dhcp bails to host report?
todo : winspool helper with ureport unit
todo : sid to account
todo : snmp reports for windows hosts?

Download:

http://erwan.l.free.fr/sniffer.zip

jellybelly
02-28-2009, 07:36 AM
IP Sniffer v1.98.0.6

Changelog:

1.98
added : loadfromdb and savetodb will keep table history
added : save cap file with same link type as loaded cap file
added : find user / computer in ad browser
added : lastlogontimestamp in ad browser
added : update/add/delete db one item in bookmark
added : add/delete/create group & user in ad browser
added : winsock hook will display 127.0.0.1 traffic
added : winsock hook can save datas to cap file
added : more reports : devices, printers ports/drivers/monitors, local admins
added : reports from a list of servers
added : update line from vbs in bookmark window
added : new unit = hashes
added : SIO_RCVALL IOCTL option (to be tested against different nics)
added : modified savetreeview to be able to reload via loadlistview
added : remove column, search and replace in bookmark
fixed : winsock hook (recv functions were nulling the buffer)
added : snmphelper class
modified : snmp scan / ping subnet / arp scan -> thread uses postmessage (more thread safe)
added : xpath functions in bookmark window / load-save from-to xml http
added : can choose returned properties of ldap search query / dump query to xml / dump children to xml
modified : md5 hash used to cipher. 3des encryption added. hexa/text switch. vnc encrypt/decrypt (need 3des.dll)
modified : uses clause cleanup with icarus

todo? : switch to virtual view
todo : winspool helper with ureport unit
in progress : snmp reports (interfaces and forwarding ok, stp left)
todo : mask <> 255 using IdNetworkCalculator
todo? : getnext on 1.3.6.1.4.1.43.10.25.2.1.1.3.6 for 3com hubs to retrieve forwarding table
todo? : consider CDPMIB (1.3.6.1.4.1.9.9.23)
todo : consider Q-BRIDGE-MIB (vlan's)
todo? : consider SNMP-REPEATER-MIB (hubs)
todo? : add ipAddrTable 1.3.6.1.2.1.4.20
todo : scan switches (thru bridge table or stp table?)
todo : graphical traceroute
todo : ttl result in tracert
todo : ipforwarding and basenumports
todo : smtp/fax/etc prefix in mapi mail
todo : wsck - f_packet_no ??
todo : consider IP_RECORD_ROUTE

Download:

http://erwan.l.free.fr/sniffer.zip

Baldy
04-08-2009, 05:33 PM
IP Sniffer v1.98.0.7


Changelog:

1.98
added : loadfromdb and savetodb will keep table history
added : save cap file with same link type as loaded cap file
added : find user / computer in ad browser
added : lastlogontimestamp in ad browser
added : update/add/delete db one item in bookmark
added : add/delete/create group & user in ad browser
added : winsock hook will display 127.0.0.1 traffic
added : winsock hook can save datas to cap file
added : more reports : devices, printers ports/drivers/monitors, local admins
added : reports from a list of servers
added : update line from vbs in bookmark window
added : new unit = hashes
added : SIO_RCVALL IOCTL option (to be tested against different nics)
added : modified savetreeview to be able to reload via loadlistview
added : remove column, search and replace in bookmark
fixed : winsock hook (recv functions were nulling the buffer)
added : snmphelper class
modified : snmp scan / ping subnet / arp scan -> thread uses postmessage (more thread safe)
added : xpath functions in bookmark window / load-save from-to xml http
added : can choose returned properties of ldap search query / dump query to xml / dump children to xml
modified : md5 hash used to cipher. 3des encryption added. hexa/text switch. vnc encrypt/decrypt (need 3des.dll)
modified : uses clause cleanup with icarus

todo? : switch to virtual view
todo : winspool helper with ureport unit
in progress : snmp reports (interfaces and forwarding ok, stp left)
todo : mask <> 255 using IdNetworkCalculator
todo? : getnext on 1.3.6.1.4.1.43.10.25.2.1.1.3.6 for 3com hubs to retrieve forwarding table
todo? : consider CDPMIB (1.3.6.1.4.1.9.9.23)
todo : consider Q-BRIDGE-MIB (vlan's)
todo? : consider SNMP-REPEATER-MIB (hubs)
todo? : add ipAddrTable 1.3.6.1.2.1.4.20
todo : scan switches (thru bridge table or stp table?)
todo : graphical traceroute
todo : ttl result in tracert
todo : ipforwarding and basenumports
todo : smtp/fax/etc prefix in mapi mail
todo : wsck - f_packet_no ??
todo : consider IP_RECORD_ROUTE

Download:

http://erwan.l.free.fr/sniffer.zip

jellybelly
05-02-2009, 07:36 PM
IP Sniffer v1.98.0.7 (2009-05-02)

Changelog


added : loadfromdb and savetodb will keep table history
added : save cap file with same link type as loaded cap file
added : find user / computer in ad browser
added : lastlogontimestamp in ad browser
added : update/add/delete db one item in bookmark
added : add/delete/create group & user in ad browser
added : winsock hook will display 127.0.0.1 traffic
added : winsock hook can save datas to cap file
added : more reports : devices, printers ports/drivers/monitors, local admins
added : reports from a list of servers
added : update line from vbs in bookmark window
added : new unit = hashes
added : SIO_RCVALL IOCTL option (to be tested against different nics)
added : modified savetreeview to be able to reload via loadlistview
added : remove column, search and replace in bookmark
fixed : winsock hook (recv functions were nulling the buffer)
added : snmphelper class
modified : snmp scan / ping subnet / arp scan -> thread uses postmessage (more thread safe)
added : xpath functions in bookmark window / load-save from-to xml http
added : can choose returned properties of ldap search query / dump query to xml / dump children to xml
modified : md5 hash used to cipher. 3des encryption added. hexa/text switch. vnc encrypt/decrypt (need 3des.dll)
modified : uses clause cleanup with icarus

todo? : switch to virtual view
todo : winspool helper with ureport unit
in progress : snmp reports (interfaces and forwarding ok, stp left)
todo : mask <> 255 using IdNetworkCalculator
todo? : getnext on 1.3.6.1.4.1.43.10.25.2.1.1.3.6 for 3com hubs to retrieve forwarding table
todo? : consider CDPMIB (1.3.6.1.4.1.9.9.23)
todo : consider Q-BRIDGE-MIB (vlan's)
todo? : consider SNMP-REPEATER-MIB (hubs)
todo? : add ipAddrTable 1.3.6.1.2.1.4.20
todo : scan switches (thru bridge table or stp table?)
todo : graphical traceroute
todo : ttl result in tracert
todo : ipforwarding and basenumports
todo : smtp/fax/etc prefix in mapi mail
todo : wsck - f_packet_no ??
todo : consider IP_RECORD_ROUTE

Download

http://erwan.l.free.fr/sniffer.zip

jellybelly
05-17-2009, 09:58 AM
IP Sniffer 1.98.0.8


Download (6.77 MB)

http://erwan.l.free.fr/sniffer.zip

jellybelly
08-06-2009, 08:24 AM
IP Sniffer v1.98.0.8 (2009-07-14)

Changelog


modified : zlib updated to zlibex 1.2.3
system crash :
reinstall mrubox, hstbox, hexedit,
jvcl+jcl (had to recompile setupapi.pas with win2000_up in windowsversion.inc)
latest masdhi version
added : one extra free option in dhcp (to support keep-san option in gpxe)
added : can send empty filename when gpxe user class is detected (to allow boot on san)

long term todo's...
todo : decrypt/encrypt vnc without des.dll
in progress : alternative boot filename for a specific userclass

Standalone:

http://erwan.l.free.fr/sniffer.zip

jellybelly
09-23-2009, 07:20 PM
IP Sniffer v1.98.0.8 (2009-09-14)


Standalone:

http://erwan.l.free.fr/sniffer.zip

jellybelly
12-07-2009, 08:31 PM
IP Sniffer v1.98.0.9

Download (6.77 MB)

http://erwan.l.free.fr/sniffer.zip

jellybelly
01-03-2010, 05:28 PM
IP Sniffer v1.98.1.4

Changelog

fixed : will work on windows 7
fixed : bug on iplen
fixed : bug in getiftable in win7
added : can load and save royal ts files in bookmark window
fixed : in bookmark window, update line from script will not update columns with empty values
added : in bookmark window, if xsl next to xml, xml will be transformed
added : add ipAddrTable (IP-MIB)
added : utrayicon unit
added : resolve auto in arp scan
added : devices in snmp host-resources
added : printhtmlinIE function
added : wmi scan (fields from win32_computersystem,win32_computersystemproduct,win32_operatingsystem)
added : snmp scan in toolbar
todo : processors in snmp host-resources
todo : include style.css and xsl in binary
todo : xmldoc.txmldocument.create(nil) versus xmldoc.txmldocument.create('')

Standalone:

http://erwan.l.free.fr/sniffer.zip

jellybelly
01-04-2010, 10:37 AM
IP Sniffer v1.98.1.5


Changelog

added : utrayicon unit (to experiment a separate thread monitoring hung app)
added : include style.css and xsl in binary
fixed : "<unknown ip>" to "unknown ip" to avoid '<>' html/xml interpretation
modified : listview2html to write cleaner html
added : bookmark can load a structured table from an html file

Standalone:

http://erwan.l.free.fr/sniffer.zip

TheDutchJewel
05-17-2011, 05:53 AM
IP Sniffer v1.99.1.0
2011-05-16

Download
Standalone:

http://erwan.l.free.fr/sniffer.zip

reynard
11-08-2011, 07:34 AM
IP Sniffer v 1.99.2.0

Homepage:
http://erwan.l.free.fr/
Download:
http://erwan.l.free.fr/sniffer.zip
7.39mb Freeware