#7577 - 07/12/03 01:21 AM Alternative to Iris
Joined: Jun 2003
Posts: 7
Something Offline
Junior Member
Here
Hi,

What is a free alternative to Iris from eeye.com that will allow me to "'sniff' and record network traffic, then completely reconstruct the data into its original format" (from eeye.com)?

Thanks

#7578 - 07/12/03 01:38 AM Re: Alternative to Iris
Joined: Mar 2002
Posts: 860
unreal Offline
Der Übeltäter
KCRQ
Moved to Newbie Questions.

#7579 - 07/12/03 10:27 PM Re: Alternative to Iris
Joined: Mar 2002
Posts: 815
sinetific Offline
nobody
Ann Arbor
Iris is just a fancy packet sniffer with some nice features for people who are too lazy to figure out what to do with raw packet data. From the demo of it that I watched, it seems like an ordinary packet sniffer that takes the port information and associates that with a certain program, for instance Outlook on 25. Since email is sent in text anyway (unless it's HTML email), you could see that in most sniffers, since they usually display packet data in hex and ASCII.

I would use something like Ethereal or Snort, which do the same things.

http://www.ethereal.com/
http://www.snort.org/

The UI isn't as fancy and they don't have the built-in features, but with a little bit of brain power you can do the same things. The only things Iris can reconstruct are SMTP, POP3 and HTTP. You can also 'view' IMs and FTP data as long as it's not encrypted. You can do the same thing with the programs I provided links for, but it will just be in ASCII format and won't be pretty.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

07/12-17:30:56.380419 0:4:5A:5D:2D:D9 -> 0:3:6D:13:64:44 type:0x800
len:0x82
192.168.0.4:6667 -> 192.168.0.50:39155 TCP TTL:64 TOS:0x0 ID:8707 IpLen:20
DgmLen:116 DF

***AP*** Seq: 0x12E51FBD Ack: 0x79D065 Win: 0x16A0 TcpLen: 32
TCP Options (3) => NOP NOP TS: 25126189 717089932

0x0000: 00 03 6D 13 64 44 00 04 5A 5D 2D D9 08 00 45 00  ..m.dD..Z]-...E.
0x0010: 00 74 22 03 40 00 40 06 96 FA C0 A8 00 04 C0 A8  .t".@.@.........
0x0020: 00 32 1A 0B 98 F3 12 E5 1F BD 00 79 D0 65 80 18  .2.........y.e..
0x0030: 16 A0 60 3A 00 00 01 01 08 0A 01 7F 65 2D 2A BD  ..`:........e-*.
0x0040: EC 8C 3A 73 69 6E 21 31 30 30 30 40 31 39 32 2E  ..:sin!1000@192.
0x0050: 31 36 38 2E 30 2E 68 69 64 65 2D 32 36 31 30 30  168.0.hide-26100
0x0060: 20 50 52 49 56 4D 53 47 20 23 75 6E 64 65 72 67   PRIVMSG #underg
0x0070: 72 6F 75 6E 64 6E 65 77 73 20 3A 68 65 6C 6C 6F  roundnews :hello
0x0080: 0D 0A                                            ..


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

In this packet you can see a computer at 192.168.0.4 sent a packet from port 6667, which is the IRC port if you didn't know, to port 39155 on machine 192.168.0.50. The data included in the packet is displayed in hex on the left and ASCII on the right. As you can see, sin!1000@192.168.0.hide-26100 sent a privmsg to channel #undergroundnews consisting of the text 'hello'. If all you want to do is see the data sent, that's all you need; the rest is just lower-level TCP data. So that's how you do it if you want to do it for free.
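
Added example, not part of the original post: a Python sketch that takes the hex column of the Snort dump above and decodes the Ethernet, IPv4 and TCP headers by hand, recovering the same fields Snort prints and the IRC line in the payload. The function names are made up for this illustration.

```python
import re
import struct

# Hex dump copied from the Snort output in the post above.
DUMP = """\
0x0000: 00 03 6D 13 64 44 00 04 5A 5D 2D D9 08 00 45 00  ..m.dD..Z]-...E.
0x0010: 00 74 22 03 40 00 40 06 96 FA C0 A8 00 04 C0 A8  .t".@.@.........
0x0020: 00 32 1A 0B 98 F3 12 E5 1F BD 00 79 D0 65 80 18  .2.........y.e..
0x0030: 16 A0 60 3A 00 00 01 01 08 0A 01 7F 65 2D 2A BD  ..`:........e-*.
0x0040: EC 8C 3A 73 69 6E 21 31 30 30 30 40 31 39 32 2E  ..:sin!1000@192.
0x0050: 31 36 38 2E 30 2E 68 69 64 65 2D 32 36 31 30 30  168.0.hide-26100
0x0060: 20 50 52 49 56 4D 53 47 20 23 75 6E 64 65 72 67   PRIVMSG #underg
0x0070: 72 6F 75 6E 64 6E 65 77 73 20 3A 68 65 6C 6C 6F  roundnews :hello
0x0080: 0D 0A  ..
"""

def dump_to_bytes(dump):
    """Keep the hex column only: up to 16 two-digit bytes after each offset."""
    frame = bytearray()
    for line in dump.splitlines():
        m = re.match(r"0x[0-9A-Fa-f]{4}:((?: [0-9A-Fa-f]{2}){1,16})", line)
        if m:
            frame += bytes.fromhex(m.group(1))
    return bytes(frame)

def decode(frame):
    """Walk Ethernet -> IPv4 -> TCP; return Snort's header fields plus the payload."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("not an IPv4/TCP frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    total_len, ident = struct.unpack("!HH", ip[2:6])
    tcp = ip[ihl:total_len]                       # total_len trims link-layer padding
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    tcp_len = (off_flags >> 12) * 4               # data offset: header + options
    addr = lambda b: ".".join(map(str, b))
    return {"src": (addr(ip[12:16]), sport), "dst": (addr(ip[16:20]), dport),
            "ttl": ip[8], "id": ident, "dgm_len": total_len,
            "seq": seq, "ack": ack, "win": win, "tcp_len": tcp_len,
            "payload": tcp[tcp_len:]}

def irc_privmsg(payload):
    """Split ':prefix COMMAND target :text' from the TCP payload."""
    line = payload.decode("ascii", "replace").rstrip("\r\n")
    prefix, command, target, text = line.split(" ", 3)
    return prefix.lstrip(":"), command, target, (text[1:] if text.startswith(":") else text)

if __name__ == "__main__":
    pkt = decode(dump_to_bytes(DUMP))
    print(pkt["src"], "->", pkt["dst"], irc_privmsg(pkt["payload"]))
```

The decoded values line up with Snort's own header lines (TTL:64, ID:8707, DgmLen:116, TcpLen: 32), which is a quick way to check that the offsets are being read correctly.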

#7580 - 07/12/03 11:47 PM Re: Alternative to Iris
Joined: Jun 2003
Posts: 7
Something Offline
Junior Member
Here
Thanks for the information.

I didn't know that packets were that easy to understand. Thank you very much for the information and I will give one of those free ones a try.

#7581 - 08/09/03 11:40 PM Re: Alternative to Iris
Joined: Aug 2003
Posts: 68
MESELF Offline
Junior Member
haha, 192.168, isn't that a firewall/internal address or whatever?
