#7577 07/11/03 06:21 PM
Joined: Jun 2003
Posts: 7
Junior Member (OP)
Hi,

What is a free alternative to Iris from eeye.com that will allow me to "“sniff” and record network traffic, then completely reconstruct the data into its original format." (from eeye.com)?

Thanks

#7578 07/11/03 06:38 PM
Joined: Mar 2002
Posts: 860
Likes: 1
Der Übeltäter
Moved to Newbie Questions.

#7579 07/12/03 03:27 PM
Joined: Mar 2002
Posts: 815
nobody
Iris is just a fancy packet sniffer with some nice features for people who are too lazy to figure out what to do with raw packet data. From the demo of it that I watched, it seems like an ordinary packet sniffer that takes the port information and associates that with a certain program, for instance Outlook on 25. Since email is sent in text anyways (unless it's HTML email), you could see that anyways in most sniffers, since they usually display packet data in hex and ASCII.

I would use something like ethereal or snort that do the same things.

http://www.ethereal.com/
http://www.snort.org/

The UI isn't as fancy and they don't have the built-in features, but with a little bit of brain power you can do the same things. The only things Iris can reconstruct are SMTP, POP3 and HTTP. You can also 'view' IMs and FTP data as long as it's not encrypted. You can do the same thing with the programs I provided links for, but it will just be in ASCII format and won't be pretty.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

07/12-17:30:56.380419 0:4:5A:5D:2D:D9 -> 0:3:6D:13:64:44 type:0x800
len:0x82
192.168.0.4:6667 -> 192.168.0.50:39155 TCP TTL:64 TOS:0x0 ID:8707 IpLen:20
DgmLen:116 DF

***AP*** Seq: 0x12E51FBD Ack: 0x79D065 Win: 0x16A0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 25126189 717089932

0x0000: 00 03 6D 13 64 44 00 04 5A 5D 2D D9 08 00 45 00 ..m.dD..Z]-...E.
0x0010: 00 74 22 03 40 00 40 06 96 FA C0 A8 00 04 C0 A8 .t".@.@.........
0x0020: 00 32 1A 0B 98 F3 12 E5 1F BD 00 79 D0 65 80 18 .2.........y.e..
0x0030: 16 A0 60 3A 00 00 01 01 08 0A 01 7F 65 2D 2A BD ..`:........e-*.
0x0040: EC 8C 3A 73 69 6E 21 31 30 30 30 40 31 39 32 2E ..:sin!1000@192.
0x0050: 31 36 38 2E 30 2E 68 69 64 65 2D 32 36 31 30 30 168.0.hide-26100
0x0060: 20 50 52 49 56 4D 53 47 20 23 75 6E 64 65 72 67 PRIVMSG #underg
0x0070: 72 6F 75 6E 64 6E 65 77 73 20 3A 68 65 6C 6C 6F roundnews :hello
0x0080: 0D 0A ..


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

In this packet you can see a computer at 192.168.0.4 sent a packet from port 6667, which is the IRC port if you didn't know, to port 39155 on machine 192.168.0.50. The data included in the packet is displayed in hex on the left and ASCII on the right. As you can see, sin!1000@192.168.0.hide-26100 sent a privmsg to channel #UnderGroundNews consisting of the text 'hello'. If all you want to do is see the data sent, that's all you need; the rest is just lower-level TCP data. So that's how you do it if you want to do it for free.

#7580 07/12/03 04:47 PM
Joined: Jun 2003
Posts: 7
Junior Member (OP)
Thanks for the information.

I didn't know that packets were that easy to understand. Thank you very much for the information and I will give one of those free ones a try. :)

#7581 08/09/03 04:40 PM
Joined: Aug 2003
Posts: 68
Junior Member
haha 192.168 isn't that a firewall/internal address or whatever

