
SANS ISC: Followup to packet tools story SANS ISC InfoSec Forums

Followup to packet tools story
As promised (several weeks ago) here is the followup to my earlier story asking for suggestions of tools for capturing, generating/modifying, or replaying IP packets.  The response from our readers was overwhelming and I wanted to thank all who responded.  Since the day job and family life got in the way of posting this sooner, I'm just going to post the list of tools today.  Later this week, I hope to update this story and categorize the tools a little bit.  Because of the tremendous response, I plan to look at a couple of the tools in more detail on my next HOD shift (unless there is some massive breaking story that requires my attention then).

  • netdude
  • nemesis
  • ettercap
  • daemonlogger
  • netcat
  • dsniff
  • yersinia
  • hunt
  • bittwist
  • scruby
  • sing
  • rain
  • nbtscan
  • netwox
  • thc-rut
  • ntop
  • scanrand
  • CommView (commercial tool)
  • xprobe2
  • lft
  • tcpflow
  • tcpxtract
  • kismet
  • queso
  • fragrouter
  • amap
  • thcipv6
  • thcscan
  • juggernaut
  • gspoof
  • aldeberan
  • dhcping (there are apparently 2 different tools by this name)
I would also be remiss if I didn't include a pointer to fellow handler Bill Stearns' page of pcap tools (why didn't I just ask him first....?) at  Again, thanx to all those who responded.


ISC Handler
May 22nd 2007
