Friday, June 18, 2010

Network Stuff - Handy network utility


Network Stuff is a cool network utility that comes with a whole set of very useful network tools, such as Whois, TCP/UDP telnet and a raw packet forger, for getting more information about a host on a network and performing simple tasks.
This open source network tool includes:
  • tcp/udp telnet
  • ping/traceroute
  • DNS resolver
  • Whois
  • Arp
  • Stats and TCP/UDP/IP tables (iphelper functions)
  • TCP/UDP/ICMP/CGI multithreaded scan (TCP and CGI scans can be done through an HTTP or SOCKS proxy)
  • Raw packet capture (multiple options including application name)
  • Raw packet forging
  • Wake on LAN and Remote Shutdown
  • Interactive TCP/UDP Transparent Proxy
Its key features let the user easily find information about the network reached through each interface; the interfaces are accessible through different tabs. Information includes the hardware address being used, the IP address assigned, the link speed, link status, and vendor information on the network adapter. It also provides traffic information, including incoming and outgoing packets. While it doesn't have advanced troubleshooting features, it does show errors in both incoming and outgoing packets, and provides a collision count. This includes information separated into TCP info, including detailed packet stats, and UDP info with information about datagrams, ICMP and IGMP. Network Stuff can also provide a routing table, with comprehensive information included. It can also show multicast data, and show the current state of all sockets the computer might have open, closed, or waiting.
Network Stuff offers a number of diagnostics, including statistics and error counts, and all zones on a network. The Ping utility used by Network Utility is similar to other ping services, allowing input of a destination address and a set number of pings to be sent. For each ping of 64-byte packets, a transit time is given, helping to troubleshoot network connections. The Traceroute, Whois, and Finger options of the Network Utility are all analogous to those found in other operating systems. Traceroute displays the full route from the host computer to the destination, with hop times listed. Whois queries a whois service to return information on a domain name registrant. The Finger utility allows a user to look at a specific user profile on a specific server.
It comes with a handy manual with how-tos for 26 network functions, like:
  • How to create TCP or UDP clients or servers
  • How to make a telnet
  • How to make a ping
  • How to make traceroute
  • How to get host address (DNS resolve)
  • How to get host information (Whois)
  • How to retrieve a MAC address on remote host
  • How to view or close active tcp connections (or end process of tcp connection owner)
  • How to view active udp servers
  • How to view tcp stats
  • How to view udp stats
  • How to view icmp stats
  • How to view or modify ip table
  • How to view IP stats
  • How to make cgi scan
  • How to make tcp scan
  • How to make udp scan
  • How to make icmp scan
  • How to make tcp or cgi scan through proxy
  • How to make a wake on LAN
  • How to shut down a Windows remote host
  • How to view your computer's IP
  • How to get your computer's outside IP (for people in LAN)
  • How to capture packet
  • How to forge packet
  • What is Interactive TCP/UDP
To capture packets
Go to the Capture window (Tab "Raw Packet" then "Capture").
To capture packets, you have to check the protocol you want to capture.

Here we are capturing tcp and icmp packets
Next, for each protocol you can specify special filters. Another filter is available for TCP/UDP connections: the "Application filter".
The "Packet's details" option shows header fields that are generally useless. When it is checked, all header fields are shown.
You can start and stop the capture using the corresponding buttons.
The "Clear" button clears the list of captured packets.
The "Load" button allows you to load a previously saved capture in txt or xml format.
TCP filters:
- Source Ip
- Destination Ip
- Source Port
- Destination Port
- Sequence Number
- Acknowledgment Number
- Data Offset
- Window Size
- Control (URG,ACK,PSH,RST,SYN,FIN)

In this sample we are capturing only packets sent to and received from ip 10.0.0.138 port 80
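The filter in this sample, reproduced outside the tool as an added example (not code from Network Stuff or from the original post): it decodes the TCP filter fields listed above from raw IPv4 bytes and keeps only traffic to or from 10.0.0.138 port 80. The function names and the three sample packets are constructed for illustration, and matching both directions is an assumption about how the tool applies the filter.

```python
import socket
import struct

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bits 0..5 of the TCP flags

def parse_ipv4_tcp(packet: bytes) -> dict:
    """Decode the fields the TCP filter list exposes from a raw IPv4+TCP packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, proto = packet[0], packet[9]
    ihl = (ver_ihl & 0x0F) * 4            # IP header length in bytes
    if ver_ihl >> 4 != 4 or proto != 6 or ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("not a complete IPv4/TCP packet")
    sport, dport, seq, ack, off_flags, window = struct.unpack_from("!HHIIHH", packet, ihl)
    return {
        "src_ip": socket.inet_ntoa(packet[12:16]),
        "dst_ip": socket.inet_ntoa(packet[16:20]),
        "src_port": sport, "dst_port": dport,
        "seq": seq, "ack": ack,
        "data_offset": off_flags >> 12,   # TCP header length in 32-bit words
        "window": window,
        "control": {n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << i)},
    }

def matches_host_port(fields: dict, ip: str, port: int) -> bool:
    """True for traffic sent to, or received from, ip:port (assumed: both directions)."""
    return ((fields["dst_ip"], fields["dst_port"]) == (ip, port)
            or (fields["src_ip"], fields["src_port"]) == (ip, port))

def build_sample(src, sport, dst, dport, flags):
    """Constructed test packet: 20-byte IP header (checksum left 0) + 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flags, 8192, 0, 0)
    return ip + tcp

SAMPLES = [  # constructed packets, not a real capture
    build_sample("10.0.0.5", 49152, "10.0.0.138", 80, 0x02),    # SYN to the host
    build_sample("10.0.0.138", 80, "10.0.0.5", 49152, 0x12),    # SYN+ACK back
    build_sample("10.0.0.5", 49153, "10.0.0.7", 443, 0x02),     # unrelated traffic
]

def filter_capture(packets, ip="10.0.0.138", port=80):
    return [f for f in map(parse_ipv4_tcp, packets) if matches_host_port(f, ip, port)]

if __name__ == "__main__":
    for f in filter_capture(SAMPLES):
        print(f["src_ip"], f["src_port"], "->", f["dst_ip"], f["dst_port"], sorted(f["control"]))
```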
How to forge packets
Go to the Forge window (Tab "Raw Packet" then "Forge"). Three different easy forging interfaces are available for TCP, UDP and ICMP, and another generic interface is available for other protocols.
For all protocols, you can configure all IP header fields and options, that is:
  • Version
  • IHL
  • Precedence
  • Delay
  • Throughput
  • Reliability
  • Total Length
  • Identification
  • Fragment type/position/offset
  • TTL
  • Protocol number
  • Checksum
  • IP source
  • IP dest
  • Options
Some fields have the "Random" option, which allows you to test your firewall/IDS reactions.
Note: random fields are computed separately for each sent packet.
What is the "Auto" option for length and checksum?
If you don't want to forge bad packets, just check these options: the fields are then computed for you and you don't need to compute them manually.
Protocol data can be ASCII or hexadecimal, depending on the "Hexa values" option.
At this point you just need to specify the number of packets you want to send.
If you select the "Looping" option, packets are sent until you push the "Stop" button.
Just click "Send" to begin sending packets.
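What "Auto" for length and checksum amounts to, as an added example (not code from Network Stuff or from the original post): Total Length and the RFC 1071 header checksum are computed from the other fields, and a receiver or IDS can run the same arithmetic to spot a header whose values were set by hand. The function names, the `None` means "Auto" convention and the sample addresses are assumptions made for this sketch.

```python
import socket
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)   # fold the carries back in
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64, ident=0,
                total_length=None, checksum=None) -> bytes:
    """Build a 20-byte header; None plays the role of 'Auto' (compute the field)."""
    if total_length is None:
        total_length = 20 + payload_len
    fields = [0x45, 0, total_length, ident, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fmt = "!BBHHHBBH4s4s"
    if checksum is None:
        checksum = internet_checksum(struct.pack(fmt, *fields))
    fields[7] = checksum
    return struct.pack(fmt, *fields)

def header_problems(packet: bytes) -> list:
    """Receiver-side checks that expose manually set, inconsistent values."""
    problems = []
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return ["bad IHL"]
    total_length = struct.unpack_from("!H", packet, 2)[0]
    if total_length != len(packet):
        problems.append("total length %d != %d bytes present" % (total_length, len(packet)))
    if internet_checksum(packet[:ihl]) != 0:       # a valid header sums to zero
        problems.append("header checksum mismatch")
    return problems

if __name__ == "__main__":
    payload = b"hello"                             # constructed sample data
    auto = ipv4_header("10.0.0.5", "10.0.0.138", 17, len(payload)) + payload
    manual = ipv4_header("10.0.0.5", "10.0.0.138", 17, len(payload),
                         total_length=60, checksum=0x1234) + payload
    print(header_problems(auto))
    print(header_problems(manual))
```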

unknown protocol forge