Dec 29, 2018
Following a previous article, I found out that Windows 10 filters out incoming packets if the listening application is not explicitly allowed in the local firewall.
Therefore, snif.exe now has a new parameter that lets you add a temporary local firewall exception for snif.exe.
The command-line help is also more explicit.
snif [localip:x.x.x.x] [proto:udp|tcp|icmp] [port:1-65535] [catpure:0|1] [firewall:0|1]
Download here.
Edit [Feb 01, 2019]
Note that "snif" is very similar to RawCap, except that RawCap:
- does not take care of the firewall
- depends on .NET
- is not open source
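The temporary exception described above can also be created and removed by hand, which makes it easy to check that no rule is left behind. The following is an added example, not code from snif or from this site: the function names, the rule group tag and the path in the usage comment are hypothetical, and it does not claim to be how snif.exe adds its own exception.

```powershell
# Added example. Requires an elevated PowerShell session and the built-in
# NetSecurity module (Windows 8 / Server 2012 or later).

function Invoke-WithTempFirewallException {
    param(
        [Parameter(Mandatory)] [string] $ProgramPath,          # full path to the listener
        [string[]] $Arguments = @(),                           # passed to the program as-is
        [string]   $Protocol  = 'Any',                         # e.g. 'UDP', 'TCP', 'ICMPv4'
        [string]   $RuleGroup = 'temp-capture-exception'       # hypothetical tag for auditing
    )

    $resolved = (Resolve-Path -LiteralPath $ProgramPath).Path
    $ruleName = "$RuleGroup-$([guid]::NewGuid())"

    # Inbound allow rule scoped to this one executable, not to a port range.
    New-NetFirewallRule -DisplayName $ruleName -Group $RuleGroup `
        -Direction Inbound -Action Allow `
        -Program $resolved -Protocol $Protocol | Out-Null
    try {
        # Runs in the foreground; returns when the capture tool exits.
        & $resolved @Arguments
    }
    finally {
        # Runs on normal exit, on error and on Ctrl+C.
        Remove-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    }
}

function Get-LeftoverCaptureException {
    param([string] $RuleGroup = 'temp-capture-exception')

    # Anything returned here is an exception that outlived its capture session,
    # for example because the console window was closed or the host rebooted.
    Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Enabled = $_.Enabled
                Program = ($_ | Get-NetFirewallApplicationFilter).Program
            }
        }
}

# Usage (constructed path and values, argument syntax from the help line above):
#   Invoke-WithTempFirewallException -ProgramPath 'C:\Tools\snif.exe' `
#       -Arguments 'proto:udp','port:53' -Protocol UDP
#   Get-LeftoverCaptureException
```

If the console is killed outright, the `finally` block does not run, so `Get-LeftoverCaptureException` is worth running after each session.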
[…] xDNS Sniffer is a demo, written in Delphi 7, using Windows raw sockets (receiving and sending) to capture and spoof NBT-NS and LLMNR to abuse local name resolution. Sending spoofed packets is possible because these protocols use UDP. This code is a variant of, and built upon, a previous demo discussed here. […]