PortListener XP is a port listener for Windows XP. The tool installs and then listens on particular ports. This tool listens on multiple ports in one instance, drops to the systray, and also logs to files. It does not log in real time, but it does accrue connection totals (aggregated for all ports) on the main window. There are options to change colors and show alerts for various warning levels, but they seemed useless to me. Also, you can set a banner or connection reply to be sent back to connecting sessions, but that didn’t appear to work for me either…however, I do like the systray and multiple port options.
PortPeeker is one of the more exciting simple tools I’ve seen in the past few months. PortPeeker is a Windows program that requires an installation. It then sets up a listening port on the port of your choosing. This listening port is bannerless and open to connection from other computers/devices. PortPeeker reports these connections and any data that is sent to this port both in a realtime display on the screen and also a log file. What is even more exciting, is that multiple copies can be opened to listen on multiple ports….although currently used ports cannot be used.
Why is this exciting? On a local network that might not be secure or that I am in charge of monitoring, a box can be set up that listens and captures traffic on particular ports. In a network like mine with multiple possibly insecure MSDE/SQL instances, being able to quickly see port 1433/1434 port probes would be very helpful. The only additional item I could wish for is a light or systray icon or sound to be played when a connection is made on a port being sniffed.
Update: Oh man, the uses are numerous! I have found out that the tool actually does allow the editing of banner information upon connection. On the link, scroll to the bottom to see captured traffic from various attacks and worms. Not only can this tool report connections on a port, but it display the data being transmitted to that port. For something like an SQL server connection attempt, the userid and password are cleartext in the hex output.
A SecurityFocus article on cracking WEP and other inherent issues with wireless. Includes a lot of nice tools and the links to those tools at the bottom.
Shon Harris is featured in a full series of CISSP training webcasts on SearchSecurity.com. These are free, although you have to supply information to start the link, there is no requirement to supply legit information. Seems to work better on IE than Firefox. Webcasts are about 60 minutes each.