PortPeeker is one of the more exciting simple tools I’ve seen in the past few months. PortPeeker is a Windows program that requires an installation. It then sets up a listener on the port of your choosing. This listening port is bannerless and open to connections from other computers/devices. PortPeeker reports these connections, and any data that is sent to this port, both in a real-time display on the screen and in a log file. What is even more exciting is that multiple copies can be opened to listen on multiple ports, although ports that are currently in use cannot be used.
Why is this exciting? On a local network that might not be secure or that I am in charge of monitoring, a box can be set up that listens and captures traffic on particular ports. In a network like mine with multiple possibly insecure MSDE/SQL instances, being able to quickly see probes of ports 1433/1434 would be very helpful. The only additional item I could wish for is a light, a systray icon, or a sound to be played when a connection is made on a port being sniffed.
Update: Oh man, the uses are numerous! I have found out that the tool actually does allow the editing of banner information upon connection. On the link, scroll to the bottom to see captured traffic from various attacks and worms. Not only can this tool report connections on a port, but it also displays the data being transmitted to that port. For something like an SQL server connection attempt, the userid and password are cleartext in the hex output.
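
To make the idea concrete, here is a small listener in the same spirit, added as an example; it is not PortPeeker's code. The `PortListener` class, `hexdump` helper, and log format are hypothetical names chosen for illustration. It binds one port, sends no banner, refuses a port that is already in use, and logs each connection with a hex dump of what the peer sent.

```python
import socket
from datetime import datetime, timezone

def hexdump(data: bytes, width: int = 16) -> str:
    """Render offset, hex bytes and printable ASCII for each row of data."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3}} {text}")
    return "\n".join(rows)

class PortListener:
    """Hypothetical stand-in for one listener window: one port, no banner."""
    def __init__(self, port, host="0.0.0.0", log_path=None):
        self.log_path, self.events = log_path, []
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            # No SO_REUSEADDR: a port that is already taken must fail loudly.
            self.sock.bind((host, port))
        except OSError as exc:
            self.sock.close()
            raise RuntimeError(f"cannot listen on port {port}: {exc}") from exc
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def serve_once(self, timeout=5.0, max_bytes=65536):
        """Accept one connection, send nothing, log whatever the peer sends."""
        self.sock.settimeout(timeout)
        conn, peer = self.sock.accept()
        data = b""
        with conn:
            conn.settimeout(timeout)
            try:
                while len(data) < max_bytes and (chunk := conn.recv(4096)):
                    data += chunk
            except socket.timeout:
                pass  # peer went quiet; keep what arrived so far
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        entry = (f"{stamp} {peer[0]}:{peer[1]} -> port {self.port} "
                 f"({len(data)} bytes)\n{hexdump(data)}")
        self.events.append((peer, data))
        if self.log_path:
            with open(self.log_path, "a", encoding="utf-8") as fh:
                fh.write(entry + "\n")
        return entry

if __name__ == "__main__":
    print(PortListener(1433).serve_once(timeout=300))  # SQL port from the post
```

Because captured payloads can contain cleartext credentials, as noted above for SQL logins, the log file should be stored with restricted permissions.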