UGN Security Forums
#7577 - 07/11/03 09:21 PM Alternative to Iris
Something Offline
Junior Member

Registered: 06/30/03
Posts: 7
Loc: Here
Hi,

What is a free alternative to Iris from eeye.com that will allow me to "'sniff' and record network traffic, then completely reconstruct the data into its original format" (from eeye.com)?

Thanks

#7578 - 07/11/03 09:38 PM Re: Alternative to Iris
unreal Offline



Registered: 03/01/02
Posts: 860
Loc: KCRQ
Moved to Newbie Questions.

#7579 - 07/12/03 06:27 PM Re: Alternative to Iris
sinetific Offline
nobody

Registered: 03/02/02
Posts: 815
Loc: Ann Arbor
Iris is just a fancy packet sniffer with some nice features for people who are too lazy to figure out what to do with raw packet data. From the demo of it that I watched, it seems like an ordinary packet sniffer that takes the port information and associates that with a certain program, for instance Outlook on 25. Since email is sent in text anyways (unless it's HTML email), you could see that anyways in most sniffers, since they usually display packet data in hex and ASCII.

I would use something like ethereal or snort that do the same things.

http://www.ethereal.com/
http://www.snort.org/

The UI isn't as fancy and they don't have the built-in features, but with a little bit of brain power you can do the same things. The only things Iris can reconstruct are SMTP, POP3 and HTTP. You can also 'view' IMs and FTP data as long as it's not encrypted. You can do the same thing with the programs I provided links for, but it will just be in ASCII format and won't be pretty.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

07/12-17:30:56.380419 0:4:5A:5D:2D:D9 -> 0:3:6D:13:64:44 type:0x800
len:0x82
192.168.0.4:6667 -> 192.168.0.50:39155 TCP TTL:64 TOS:0x0 ID:8707 IpLen:20
DgmLen:116 DF

***AP*** Seq: 0x12E51FBD Ack: 0x79D065 Win: 0x16A0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 25126189 717089932

0x0000: 00 03 6D 13 64 44 00 04 5A 5D 2D D9 08 00 45 00 ..m.dD..Z]-...E.
0x0010: 00 74 22 03 40 00 40 06 96 FA C0 A8 00 04 C0 A8 .t".@.@.........
0x0020: 00 32 1A 0B 98 F3 12 E5 1F BD 00 79 D0 65 80 18 .2.........y.e..
0x0030: 16 A0 60 3A 00 00 01 01 08 0A 01 7F 65 2D 2A BD ..`:........e-*.
0x0040: EC 8C 3A 73 69 6E 21 31 30 30 30 40 31 39 32 2E ..:sin!1000@192.
0x0050: 31 36 38 2E 30 2E 68 69 64 65 2D 32 36 31 30 30 168.0.hide-26100
0x0060: 20 50 52 49 56 4D 53 47 20 23 75 6E 64 65 72 67 PRIVMSG #underg
0x0070: 72 6F 75 6E 64 6E 65 77 73 20 3A 68 65 6C 6C 6F roundnews :hello
0x0080: 0D 0A ..


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

In this packet you can see a computer at 192.168.0.4 sent a packet from port 6667, which is the IRC port if you didn't know, to port 39155 on machine 192.168.0.50. The data included in the packet is displayed in hex on the left and ASCII on the right. As you can see, sin!1000@192.168.0.hide-26100 sent a privmsg to channel #undergroundnews consisting of the text 'hello'. If all you want to do is see the data sent, that's all you need; the rest is just lower-level TCP data. So that's how you do it if you want to do it for free.

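Added example, not part of the original post: a short Python walk through the Snort dump quoted above, decoding the Ethernet, IPv4 and TCP headers by hand so the result can be checked against the fields Snort printed, then splitting out the IRC line. The function names are this example's own, and the bytes are copied from the hex column of the dump.

```python
import struct

# Hex column of the Snort dump quoted in the post above (130 bytes, len:0x82).
DUMP = """
0x0000: 00 03 6D 13 64 44 00 04 5A 5D 2D D9 08 00 45 00
0x0010: 00 74 22 03 40 00 40 06 96 FA C0 A8 00 04 C0 A8
0x0020: 00 32 1A 0B 98 F3 12 E5 1F BD 00 79 D0 65 80 18
0x0030: 16 A0 60 3A 00 00 01 01 08 0A 01 7F 65 2D 2A BD
0x0040: EC 8C 3A 73 69 6E 21 31 30 30 30 40 31 39 32 2E
0x0050: 31 36 38 2E 30 2E 68 69 64 65 2D 32 36 31 30 30
0x0060: 20 50 52 49 56 4D 53 47 20 23 75 6E 64 65 72 67
0x0070: 72 6F 75 6E 64 6E 65 77 73 20 3A 68 65 6C 6C 6F
0x0080: 0D 0A
"""

def dump_to_bytes(text):
    """Concatenate the hex bytes that follow each '0xNNNN:' offset label."""
    return b"".join(bytes.fromhex(line.split(":", 1)[1])
                    for line in text.strip().splitlines())

def ip_checksum_ok(header):
    """A valid IPv4 header sums to 0xFFFF in 16-bit one's-complement."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(frame):
    """Walk Ethernet II -> IPv4 -> TCP and return the fields Snort printed."""
    (ethertype,) = struct.unpack("!12xH", frame[:14])   # skip both MAC addresses
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                            # IpLen, in bytes
    total_len, ip_id = struct.unpack("!HH", ip[2:6])
    if ethertype != 0x0800 or ip[0] >> 4 != 4 or ip[9] != 6:
        raise ValueError("not an IPv4/TCP frame")
    tcp = ip[ihl:total_len]                             # DgmLen bounds the segment
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    tcp_len = (off_flags >> 12) * 4                     # TcpLen, options included
    return {
        "src": "%s:%d" % (".".join(map(str, ip[12:16])), sport),
        "dst": "%s:%d" % (".".join(map(str, ip[16:20])), dport),
        "ttl": ip[8], "id": ip_id, "dgm_len": total_len, "seq": seq, "ack": ack,
        "win": win, "flags": off_flags & 0x3F, "ip_ok": ip_checksum_ok(ip[:ihl]),
        "payload": tcp[tcp_len:],                       # the rest is application data
    }

def irc_line(payload):
    """Split one prefixed IRC line (':prefix COMMAND target :text')."""
    prefix, command, target, text = payload.decode("ascii").rstrip("\r\n").split(" ", 3)
    return prefix.lstrip(":"), command, target, text.lstrip(":")
```

Calling irc_line(decode(dump_to_bytes(DUMP))["payload"]) returns the sender prefix, the PRIVMSG command, the channel and the message text; the payload begins at offset 0x42, after 14 bytes of Ethernet, 20 of IP and 32 of TCP header.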
#7580 - 07/12/03 07:47 PM Re: Alternative to Iris
Something Offline
Junior Member

Registered: 06/30/03
Posts: 7
Loc: Here
Thanks for the information.

I didn't know that packets were that easy to understand. Thank you very much for the information and I will give one of those free ones a try.

#7581 - 08/09/03 07:40 PM Re: Alternative to Iris
MESELF Offline
Junior Member

Registered: 08/08/03
Posts: 68
haha 192.168 isn't that a firewall/internal address or whatever
