
SANS ISC: Passer, a passive machine and service sniffer - Internet Security | DShield SANS ISC InfoSec Forums



Last summer I did a short post on detecting servers using tcpdump or WinDump, SYN/ACK packets, and a few command line tools.  It was... well, pretty rudimentary.  *smile*
 
https://isc.sans.org/diary.html?storyid=3018
 
This spring I decided to put together a passive service sniffer - "Passer".  It can report on live TCP and UDP servers and clients, Ethernet cards and manufacturers, DNS records, operating systems, and routers.  If you have nmap installed, it will use nmap's service fingerprint file to get a really good guess at exactly what service is running on a port.
 
The output is comma separated for easy import into a database, a spreadsheet, or command line tools.
 
Because it's written in Python, it should be portable to almost any operating system.  Because of my odd Windows XP setup I hit a snag with the underlying packet capture library (scapy) on Windows, but it should work on almost anything with Python.

Home site: http://www.stearns.org/passer/

Instructions: http://www.stearns.org/passer/passer.txt

Sample output: http://www.stearns.org/passer/passer.txt

-- Bill Stearns
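
The idea behind the earlier tcpdump post and Passer's live TCP server report is that a host answering with SYN/ACK is running a server on the packet's source port. The sketch below is an added example, not Passer's code and not from the original post; the frames are constructed, and the function names and the `ip,tcp,port` line format are assumptions rather than Passer's real output.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10

def build_frame(src, sport, dst, dport, flags):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp

def parse_tcp(frame):
    """Return (src_ip, src_port, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # too short or not IPv4
    ihl = (frame[14] & 0x0F) * 4         # IP header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
        return None                      # not IPv4 carrying TCP
    tcp = 14 + ihl
    if len(frame) < tcp + 14:
        return None                      # truncated TCP header
    sport = struct.unpack("!H", frame[tcp:tcp + 2])[0]
    return socket.inet_ntoa(frame[26:30]), sport, frame[tcp + 13]

def passive_tcp_servers(frames):
    """CSV lines "ip,tcp,port" for every host seen answering with SYN+ACK."""
    seen = set()
    for frame in frames:
        parsed = parse_tcp(frame)
        if parsed and (parsed[2] & (SYN | ACK)) == (SYN | ACK):
            seen.add((parsed[0], parsed[1]))   # set de-duplicates repeats
    ordered = sorted(seen, key=lambda s: (socket.inet_aton(s[0]), s[1]))
    return ["%s,tcp,%d" % s for s in ordered]

# Constructed sample traffic: two handshakes, one repeated reply, plus a bare ACK.
SAMPLE = [
    build_frame("10.0.0.9", 40000, "10.0.0.5", 80, SYN),
    build_frame("10.0.0.5", 80, "10.0.0.9", 40000, SYN | ACK),
    build_frame("10.0.0.9", 40000, "10.0.0.5", 80, ACK),
    build_frame("10.0.0.9", 40001, "10.0.0.20", 22, SYN),
    build_frame("10.0.0.20", 22, "10.0.0.9", 40001, SYN | ACK),
    build_frame("10.0.0.5", 80, "10.0.0.9", 40002, SYN | ACK),
]

if __name__ == "__main__":
    print("\n".join(passive_tcp_servers(SAMPLE)))
```

Because only replies are counted, a client's outbound SYN to a closed or filtered port never produces an entry, which is what keeps this kind of inventory passive and free of false "servers".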
