  1. #1

    [share tools] simple sniffer GUI JSSsnifferGUI.py (by: bl00dyc0dez)

    it's been a long time since I stopped by.. sharing a little open source tool, and documenting it here at the same time so it doesn't get lost

    while working on my final project (TA), building an IDS, I got the idea to make this open source tool.. I actually shared it on another forum too hehe.. since I've been part of the community there for a very long time but never contributed anything, and kept contributing on outside forums instead hehe,. so I decided to share it on 2 forums (JS and IDGS)

    taken from a piece of the source of my final project, which is building a simple IDS (Intrusion Detection System), this simple sniffer came to be

    definition
    sniffer = an application/tool that taps the packets going back and forth on our network interface

    what this tool is for
    reading the packets exchanged between us and other computers (local or Internet) transparently, with a logfile and a filter for each protocol or service port, which still need further development (this tool is still in the alpha stage)
    so it can also be used to analyse trojan/worm packets or to capture any information going in and out through our network interface

    development goals
    - able to do customized packet injection for spoofing purposes
    - anti sniff (protecting the user's computer against spoofing attacks)
    - Intrusion Detection System
    - etc.

    JSSnifferGUI.py is still an alpha version.. it needs reports, input, suggestions and criticism

    program language:
    python

    requirements:
    - python interpreter (tested on python 2.5)
    - win32 or linux (tested & works on winduzXP SP2 & 3, win7 RC, backtrack4-prefinal & ubuntu 9.04)
    - on win32 use the winpcap library.. download here:
    Code:
    http://www.winpcap.org/install/bin/WinPcap_4_1_beta5.exe
    (for winduz 7/vista specifically, use ver 4.x ++)
    - pcapy module, download here:
    Code:
    http://oss.coresecurity.com/repo/pcapy-0.10.5.tar.gz
    (match it to your python version)

    features:
    - log all and filtered packets
    - filter the capture by protocol and port/standard service (using tcpdump rules)

    program structure:
    - consists of 4 files (main file = JSSnifferGUI.py, 2 module files = packet.py & PacketDecoder.py, 1 file monitor.py = the capturing engine)
    - output is saved to 3 logfiles (logALL.txt = full log, logIP.txt = log of the IP list only [still under development], logTCP = flag-bit list only [still under development])
    - 1 conf file

    how to use:
    since this is open source it is not shared in executable format
    for win32 (make sure the python interpreter, winpcap and pcapy are installed)
    set the python path so the compiler can be used wherever the local path is
    type in win32 cmd:
    Code:
    python JSSnifferGUI.py
    type in a linux/unix terminal:
    Code:
    python JSSnifferGUI.py
    or
    Code:
    ./JSSnifferGUI.py
    (the file's permission must first be changed so it can be executed) 755 or 777

    don't forget to run it with SU/root or administrator privilege, because the packet capture library can only be accessed by an administrator user

    Screenshot in winduz 7:



    log format (with timestamps):

    the screenshot on linux is just the same.. no need to show it hehe,. too lazy to upload..

    hopefully, if I get the chance, later on there will be spoofing, antisniffing, customized packet injector features, etc. hehe..
    waiting for your suggestions and criticism

    JSSnifferGUI.py:
    Spoiler for code:
    Code:
    #!/usr/bin/python
    ############################################################################################
    ## JSSnifferGUI.py with log file code by:bl00dy_c0d3z                                     ##
    ## <die[dot]z[dot]666[at]gmail[dot]com> or c0mr4d3[at]yahoo[dot]com                       ##
    ## thanks to core source author: $Id: sniff.py,v 1.4 2003/10/27 17:36:56 jkohen Exp $     ##
    ## - Maximiliano Caceres <[email protected]>                                           ##
    ## - Javier Kohen <[email protected]>                                               ##
    ## Multiplatform simple sniffer with logfile                                              ##
    ## include modules:                                                                       ##
    ## pcapy                                                                                  ##
    ##                                                                                        ##
    ############################################################################################
    import subprocess, sys
    import pcapy
    from pcapy import findalldevs, open_live
    try:
        from Tkinter import *   # Python 2 (the tool was tested on Python 2.5)
    except ImportError:
        from tkinter import *   # Python 3


    # GUI choices mapped to tcpdump (BPF) filter primitives
    PROTOCOL_RULES = {"All": "", "TCP": "tcp", "UDP": "udp", "ICMP": "icmp", "ARP": "arp"}
    PORT_RULES = {"All": "", "HTTP:80": "port 80", "HTTPS:443": "port 443",
                  "SSH:22": "port 22", "FTP:21": "port 21", "DOMAIN:53": "port 53"}

    def main():
        view_config()
        dev = strDEVICE.get()
        # The Spinbox accepts typed text, so an unknown value falls back to
        # "no filter" instead of leaving the variable undefined.
        varprotocol = PROTOCOL_RULES.get(strPROTOCOL.get(), "")
        varport = PORT_RULES.get(strPORT.get(), "")
        rule = ("%s %s" % (varprotocol, varport)).strip()

        # snaplen=2000 bytes, promisc=0 (non-promiscuous), read timeout=100 ms
        p = open_live(dev, 2000, 0, 100)
        result.insert(END,"=============================================\n")
        result.insert(END,"TCPdump rules:\n")
        result.insert(END, rule)
        try:
            # Compile the rule before saving it, so that a combination libpcap
            # rejects never reaches the conf file read by monitor.py.
            p.setfilter(rule)
        except pcapy.PcapError:
            result.insert(END,"\n\n\nInvalid filter, configuration not saved")
            root.update()
            return
        # conf format: line 1 = interface name, line 2 = tcpdump rule
        configLOG = open("conf","w")
        configLOG.write(dev+"\n")
        configLOG.write(rule)
        configLOG.close()
        result.insert(END,"\n\n\nConfiguration has been set and save...")
        root.update()

    def help():
        # "About" window with a scrollable text box
        windowhelp = Toplevel()
        windowhelp.wm_maxsize(width='400',height='360')
        windowhelp.wm_minsize(width='400',height='360')
        windowhelp.title("About")
        helpFrame = Frame(windowhelp)
        txtSB = Scrollbar(helpFrame)
        nLtxt = Text(helpFrame, fg="green", bg="black", width=540, height=48, wrap=WORD)
        txtSB.config(command=nLtxt.yview)
        txtSB.pack(side=RIGHT, fill=Y)
        nLtxt.pack(fill=Y)
        helpFrame.pack(side=RIGHT, fill=Y)
        helptxt = '''========================JSSnifferGUI.py========================

    JSSnifferGUI.py ALPHA version
    just publish in Jasakom Forum
    it comes of course with no warrant of function and we cant take 
    responseabilities for eventual damages caused by this tools.

    if you like this tool, found a bug or just looking for place to learn
    some scripting yourself visit: http://www.jasakom.com/forum
    or mail me at <die[dot]z[dot]666[at]gmail[dot]com> or <c0mr4d3[at]yahoo[dot]com>

    special thanks to:
    - Maximiliano Caceres <[email protected]>
    - Javier Kohen <[email protected]>
    (thanks for impacket.. i luv it ;p)
    - S'to
    - PIRUS
    - Tomahawk
    - Coolkid
    - Redebian
    - P1t4qh
    - and all jasakom members
    '''
        nLtxt.insert(END, helptxt)

    def view_config():
        # Show the network ID and netmask of the selected interface
        result.delete(1.0,END)
        iface = strDEVICE.get()
        protocol = strPROTOCOL.get()
        p = pcapy.open_live(iface, 1500, 0, 100)
        netid = p.getnet()         # network address of the interface
        subnetmask = p.getmask()   # netmask of the interface
        result.insert(END,"Your Packet Monitoring Configuration:\n")
        result.insert(END,"=============================================\n")
        result.insert(END,"NetID\t\t: "+netid+"\n")
        result.insert(END,"SubnetMask\t: "+subnetmask+"\n")
        result.insert(END,"Protocol\t\t: "+protocol+"\n")
        result.insert(END,"Port\t\t: "+strPORT.get()+"\n")
        root.update()

    def runservice():
        # Start the capture window as a separate process; unlike os.system()
        # this does not block (freeze) the configuration window.
        subprocess.Popen([sys.executable, "monitor.py"])
    	
    #def clockPulse():
       #clockVar.set(1 + clockVar.get())
       #root.after(1000, clockPulse)
    
    
    interface = findalldevs()
    protolist = ["All", "TCP", "UDP", "ICMP", "ARP"]
    portlist = ("All", "HTTP:80", "HTTPS:443", "FTP:21", "SSH:22", "DOMAIN:53")
    #---The GUI---#
    root=Tk()
    clockVar = IntVar()
    #---image---#
    imageFile = "JS.gif"
    logo = PhotoImage(file=imageFile)
    can = Canvas(root)
    can.config(width=logo.width(), height=logo.height())
    can.place_configure(x=396,y=282)  
    can.create_image(50, 20, image=logo)
    
    
    MNU = Menu(master=root)
    root.config(menu=MNU, bg="black")
    m1 = Menu(master=MNU, tearoff=0, bg="black", fg="grey")
    MNU.add_cascade(label='Option', menu=m1)
    m1.add_command(label='About',command=help)
    m1.add_command(label='Exit',command=root.destroy)
    
    #---Device----#
    DEVICEtext = Label(root,text="Interface\t:")
    DEVICEtext.config(bg="black",fg="grey")
    DEVICEtext.place_configure(x=10,y=222)
    strDEVICE = StringVar(root)
    strDEVICE.set(interface[0])
    start_DEVICE_e = OptionMenu(root, strDEVICE, *interface)
    start_DEVICE_e.config(bg="black",fg="grey",width=len(interface[0]))
    start_DEVICE_e.place_configure(x=70,y=218)
    
    #---Protocol---#
    PROTOtext = Label(root,text="Protocol\t:")
    PROTOtext.config(bg="black",fg="grey")
    PROTOtext.place_configure(x=10,y=262)
    strPROTOCOL = StringVar(root)
    strPROTOCOL.set(protolist[0])
    start_PROTOCOL_e = OptionMenu(root, strPROTOCOL, *protolist)
    start_PROTOCOL_e.config(bg="black",fg="grey",width=6)
    start_PROTOCOL_e.place_configure(x=70,y=258)
    
    
    #---Port select---#
    PORTtext = Label(root,text="Port \t:")
    PORTtext.config(bg="black",fg="grey")
    PORTtext.place_configure(x=10,y=300)
    strPORT = Spinbox(root, values=portlist, bg="black", fg="grey")
    strPORT.config(width=10)
    strPORT.place_configure(x=73,y=300)
    
    ####button view#####
    view = Button(root,text="view details",command=view_config)
    view.config(width=10,bg="black", fg="green")
    view.place_configure(x=420,y=220)
    
    #########set button###########
    start=Button(root,text="Set",command=main)
    start.config(width=10, bg="black", fg="green")
    start.place_configure(x=225,y=325)
    
    #########Stop button##########
    clear=Button(root,text="Start Sniff",command=runservice)
    clear.config(width=10, bg="black", fg="green")
    clear.place_configure(x=300,y=325)
    
    #########Banner###########
    banner=Label(root,text="By    :bl00dyc0dez", bg="black", fg="red", width=19, height=1)
    banner.place_configure(x=383,y=331)
    #root.after(1000, clockPulse)
    tambal1=Label(root, bg="black", width=19, height=1)
    tambal1.place_configure(x=380,y=266)
    tambal2=Label(root, bg="black", width=1, height=4)
    tambal2.place_configure(x=386,y=278)
    tambal3=Label(root, bg="black", width=58, height=1)
    tambal3.place_configure(x=62,y=242)
    tambal4=Label(root, bg="black", width=58, height=1)
    tambal4.place_configure(x=62,y=202)
    tambal5=Label(root, bg="black", width=15, height=1)
    tambal5.place_configure(x=60,y=282)
    
    ##########result text##########
    result=Text(root, bg="black", fg="green", width=80, height=15)
    result.place_configure(x=5,y=5)
    
    root.wm_maxsize(width='495',height='350')
    root.wm_minsize(width='495',height='350')
    root.title("JSSnifferGUI")
    root.mainloop()


    monitor.py:
    Spoiler for code:
    Code:
    #!/usr/bin/python
    ############################################################################################
    ## JSSnifferGUI.py with log file code by:bl00dy_c0d3z                                     ##
    ## <die[dot]z[dot]666[at]gmail[dot]com> or c0mr4d3[at]yahoo[dot]com                       ##
    ## thanks to core source author: $Id: sniff.py,v 1.4 2003/10/27 17:36:56 jkohen Exp $     ##
    ## - Maximiliano Caceres <[email protected]>                                           ##
    ## - Javier Kohen <[email protected]>                                               ##
    ## Multiplatform simple sniffer with logfile                                              ##
    ## include modules:                                                                       ##
    ## pcapy                                                                                  ##
    ##                                                                                        ##
    ############################################################################################
    
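    import pcapy
    from threading import Thread
    from PacketDecoder import *
    try:
        from Tkinter import *             # Python 2
        from Queue import Queue, Empty
    except ImportError:
        from tkinter import *             # Python 3
        from queue import Queue, Empty


    # Decoded packets are handed from the capture thread to the GUI thread here
    packets = Queue()

    class DecoderThread(Thread):
        def __init__(self, pcapObj):
            # Pick the decoder that matches the link-layer type of the interface
            datalink = pcapObj.datalink()
            if pcapy.DLT_EN10MB == datalink:
                self.decoder = EthDecoder()
            elif pcapy.DLT_LINUX_SLL == datalink:
                self.decoder = LinuxSLLDecoder()
            else:
                raise Exception("Datalink type not supported: %s" % datalink)

            self.pcap = pcapObj
            Thread.__init__(self)
            # Daemon thread: the process ends when the capture window is closed
            self.setDaemon(True)

        def run(self):
            # 0 = no packet limit; capture until the process exits
            self.pcap.loop(0, self.packetHandler)

        def packetHandler(self, hdr, data):
            # Tkinter is not thread-safe, so only queue the text here
            size = BesarData().decode(data)+"\tbytes\n"
            packets.put(size + str(self.decoder.decode(data)))

    def show_packets():
        # Runs in the GUI thread: display the most recent captured packet
        text = None
        try:
            while True:
                text = packets.get_nowait()
        except Empty:
            pass
        if text is not None:
            result.delete(1.0,END)
            result.insert(END,text)
        windowcapture.after(100, show_packets)

    def main():
        # snaplen=2000 bytes, promisc=0 (non-promiscuous), read timeout=100 ms
        p = pcapy.open_live(ethernetconf, 2000, 0, 100)
        p.setfilter(capture_filter)
        DecoderThread(p).start()
        show_packets()

    windowcapture = Tk()
    windowcapture.config(bg="black")
    windowcapture.wm_maxsize(width='375',height='350')
    windowcapture.wm_minsize(width='375',height='350')
    windowcapture.title("Capturing..") 

    sugestion=Label(windowcapture,text="You can view record this session in logALL.txt", bg="black", fg="red", width=40, height=1)
    sugestion.place_configure(x=60,y=20)

    result=Text(windowcapture, bg="black", fg="green", width=60, height=20)
    result.place_configure(x=5,y=60)
    # conf is written by JSSnifferGUI.py: line 1 = interface, line 2 = tcpdump rule
    configfile = open("conf")
    ethernetconf = configfile.readline().rstrip("\r\n")
    capture_filter = configfile.readline().strip()
    configfile.close()
    main()
    windowcapture.mainloop()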


    I'm not showing the 2 module files (PacketDecoder.py & packet.py).. too long >.<

    download source code here:
    Code:
    http://h1.ripway.com/11121989/JSSnifferGUI.zip
    or mail me at:
    die[dot]z[dot]666[at]gmail[dot]com
    c0mr4d3[at]yahoo[dot]com


    originally posted in:
    Code:
    http://www.jasakom.com/forum/viewtopic.php?f=97&t=10755
    by: bl00d13z(bl00dyc0dez) a.k.a c0mr4d3
    Last edited by bl00d13z; 04-07-09 at 09:41.

  3. #2

    wow, really awesome Bro... but sadly I don't understand python... >_<
    btw Kang, do you have any reading references about the libraries used for that program? if there's one for java, even better.... hehehe... tq.. if there isn't, that's fine too...

    also, do you have the algorithm, Kang?? hehehe... *I'm asking for a lot, huh ... peace Kang*

  4. #3

    updated:
    the exe version for win32 can be downloaded here:
    http://h1.ripway.com/11121989/JSsnifferGUIexe.rar 3.11mb
    works and has been tested on win7 and winXP SP2
    make sure the libraries below are available on your windows:

    Code:
    USER32.dll - C:\Windows\system32\USER32.dll
    IMM32.dll - C:\Windows\system32\IMM32.dll
    SHELL32.dll - C:\Windows\system32\SHELL32.dll
    comdlg32.dll - C:\Windows\system32\comdlg32.dll
    WSOCK32.dll - C:\Windows\system32\WSOCK32.dll   
    COMCTL32.dll - C:\Windows\system32\COMCTL32.dll
    ADVAPI32.dll - C:\Windows\system32\ADVAPI32.dll
    msvcrt.dll - C:\Windows\system32\msvcrt.dll
    WS2_32.dll - C:\Windows\system32\WS2_32.dll
    GDI32.dll - C:\Windows\system32\GDI32.dll
    KERNEL32.dll - C:\Windows\system32\KERNEL32.dll
    as for winpcap, I've already shared the link

    @oyabin
    I haven't gone deep into the java libraries bro.. in python yes, I do want to go deeper.. it just uses impacket and pcapy, edited from the external modules.. (you can see the imports) check coresecurity.com for the modules.. the other modules are python's own defaults.. like Tkinter, socket, threading, os, sys, time, etc. whoa, the algorithm would be long I think bro.. better to just ask about the parts that confuse you bro.. >.<
    Last edited by bl00d13z; 04-07-09 at 23:06.

  5. #4

    wow, the algorithm is long huh... if there is one I'd like to learn from it too.. who knows, maybe later I can make a final project too ... hehehe...

  6. #5
    petrusali

    A question. I usually use http://en.lanctrl.com. Which do you think is better?

  7. #6

    Quote: Originally posted by oyabin
    wow, the algorithm is long huh... if there is one I'd like to learn from it too.. who knows, maybe later I can make a final project too ... hehehe...

    the gist is just understanding classes and being able to make use of the parameters of the existing modules.. there, the pcapy module is what does the work of capturing raw data from the network interface.. then the packet.py and PacketDecoder.py modules translate and arrange that data so it's human readable.. the decoder sorts out which data is the source IP, dest IP, source mac, dest mac, protocol type, source port, dest port, the data content in hex plus its ascii too, and then the number of bytes per packet sequence (total packet size minus the packet header bytes).. now monitor.py's job is only to take the configuration from the conf file to do the packet capture, and this conf file is produced by the main file.. then there's the TCPdump rule there for filtering which type of packet will be captured.. the copying to the log is done by the PacketDecoder.py file.. originally the module made by coresecurity had nothing for calculating time, byte count and output in log form,. so I added that.. so what was made purely from scratch is only 2 files,. JSsnifferGUI.py and monitor.py.. the rest of the imported modules are just sweeteners and support, like threading, time, os, Tkinter.. yes it can be used for a final project; this is also part of my own final project, which is building a simple IDS

    @petrusali
    well of course the one in the link is better bro.. that's a finished tool (already launched, already tested),. like MRTG/cacti for traffic monitoring, or snort for IDS/IPS, etc. (made by foreigners) what I shared is still simple, alpha stage and indeed made by a son of the nation (yeah right.. but I often share abroad.. hehe) well, like ordinary coders making websites with a CMS, or building office applications with VB/delphi.. the difference is that since my background is networking, my coding smells of sockets and client-server.. not web stuff and db stuff.. hehe when will it be our turn to make what they make,. we can't just keep using,. if we build it ourselves it's easy for us to develop it,. many ideas can be applied because we're the ones who built it,. tools like cain n abel, wireshark, and anything related to packet monitoring are based on this.. if you understand it you can develop it into something higher,. like IDS, IPS or Advanced Firewall Policy
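
Added example, not part of the original post and not the author's PacketDecoder.py (which the thread does not show): a stand-alone Python decoder for the fields listed in the reply above (MAC and IP addresses, protocol, ports, hex plus ASCII dump, payload byte count). The function names and the sample frame are constructed for illustration.

```python
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def mac(raw):
    return ":".join("%02x" % b for b in bytearray(raw))

def ip4(raw):
    return ".".join(str(b) for b in bytearray(raw))

def hexdump(data, width=16):
    """Offset, hex bytes and printable ASCII, one row per `width` bytes."""
    rows = []
    for off in range(0, len(data), width):
        chunk = bytearray(data[off:off + width])
        hexpart = " ".join("%02x" % b for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append("%04x  %-*s  %s" % (off, width * 3 - 1, hexpart, text))
    return "\n".join(rows)

def decode_frame(frame):
    """Decode one Ethernet frame carrying IPv4 + TCP/UDP into a dict."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"mac_dst": mac(frame[0:6]), "mac_src": mac(frame[6:12])}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:                      # not IPv4: report and stop
        info["protocol"] = "ethertype 0x%04x" % ethertype
        return info
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto = struct.unpack("!BBHHHBB", ip[:10])
    ihl = (ver_ihl & 0x0F) * 4                   # header length field counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("malformed IPv4 header")
    info["ip_src"], info["ip_dst"] = ip4(ip[12:16]), ip4(ip[16:20])
    # Trust the IP total length, not len(frame): short frames are padded to 60 bytes.
    segment = ip[ihl:total_len]
    if proto == 6:
        if len(segment) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
        hdr_len = (off_flags >> 12) * 4          # data offset, also in 32-bit words
        if not 20 <= hdr_len <= len(segment):
            raise ValueError("malformed TCP data offset")
        info.update(protocol="TCP", sport=sport, dport=dport,
                    flags=[name for bit, name in TCP_FLAGS if off_flags & bit])
        payload = segment[hdr_len:]
    elif proto == 17:
        if len(segment) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, udp_len = struct.unpack("!HHH", segment[:6])
        if not 8 <= udp_len <= len(segment):
            raise ValueError("malformed UDP length")
        info.update(protocol="UDP", sport=sport, dport=dport)
        payload = segment[8:udp_len]
    else:
        info["protocol"] = "ip-proto-%d" % proto
        payload = segment
    info["payload"] = payload
    info["payload_len"] = len(payload)           # total size minus all header bytes
    return info

def build_sample_frame():
    """Constructed frame: TCP PSH+ACK, 4-byte payload, checksums left at 0."""
    payload = b"PING"
    eth = bytes(bytearray.fromhex("00005e005301" "00005e005314")) + struct.pack("!H", 0x0800)
    iphdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64, 6, 0,
                        bytes(bytearray([192, 0, 2, 10])), bytes(bytearray([198, 51, 100, 7])))
    tcphdr = struct.pack("!HHIIHHHH", 49152, 80, 1, 1, (5 << 12) | 0x18, 8192, 0, 0)
    frame = eth + iphdr + tcphdr + payload
    return frame + b"\x00" * (60 - len(frame))   # Ethernet minimum-size padding

if __name__ == "__main__":
    d = decode_frame(build_sample_frame())
    print("%(ip_src)s:%(sport)d -> %(ip_dst)s:%(dport)d %(protocol)s %(flags)s" % d)
    print(hexdump(d["payload"]))
```

The sample frame is 60 bytes long but carries only 4 payload bytes; subtracting header sizes from the captured length would report 6, which is why the decoder slices by the IP total length.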

  8. #7
    Trademaks

    @ts

    please share the modules for developing an application like this. Worth a try..
    If possible from the start of its development, the source, and which community provides info like that.

    Curious Mode On

    Want to become an IT analyst, yeah?

  9. #8

    Quote: Originally posted by Trademaks
    @ts

    please share the modules for developing an application like this. Worth a try..
    If possible from the start of its development, the source, and which community provides info like that.

    Curious Mode On

    Want to become an IT analyst, yeah?

    I've already shared the modules above,. the external modules are only impacket and pcap, the rest are default modules from python itself,. the source is given there too,. that's why I call it open source,. as for community, just go straight to python.org http://python.org/community/
    I don't want to be an analyst all that much, bro.. hehe,.
    if you want it from the start of development I'd have to write a report.. the gist is: install the interpreter, install the external modules, then open the modules and study the classes, functions and objects inside them,. then make use of them., if a module class needs to be changed or added to, just add to it as needed,. what I added was only for calculating the data width per sequence and the time,. in the impacket module and its impactDecoder,. the rest is just making use of the modules,. sorry my explanation isn't structured,. it could go on for pages if you want detail,. there's so much >.< better to just ask about what you don't know,. not have everything written here from a to z >.< it would be like writing a final project report, am I supposed to draw the use case, flowchart, etc.? if you want to dig deeper just go to oss.coresecurity.com

    let me quote a bit:
    What is Impacket?

    Impacket is a collection of Python classes focused on providing access to network packets. Impacket allows Python developers to craft and decode network packets in simple and consistent manner. It includes support for low-level protocols such as IP, UDP and TCP, as well as higher-level protocols such as NMB and SMB. Impacket is highly effective when used in conjunction with a packet capture utility or package such as Pcapy. Packets can be constructed from scratch, as well as parsed from raw data. Furthermore, the object oriented API makes it simple to work with deep protocol hierarchies.

    The following protocols are featured in Impacket

    * Ethernet, Linux "Cooked" capture.
    * IP, TCP, UDP, ICMP, IGMP, ARP.
    * NMB and SMB (high-level implementations).
    * DCE/RPC versions 4 and 5, over different transports: UDP (version 4 exclusively), TCP, SMB/TCP, SMB/NetBIOS and HTTP.
    * Multiple ways of doing SMB tree_connect, file open, read, write.
    * SMB "fragmentation", SMB AndX command chaining.
    * Plain, NT and LM v1 authentications, using password and hashes only.
    * Portions of the following DCE/RPC interfaces: Conv, DCOM, EPM, SAMR, SvcCtl, WinReg.
    * DCERPC Alternate contexts, Multi-bind requests, Endianness selection
    * DCERPC NT and LM v1 authentication, integrity checking and encryption.
    * DCERPC v4 and v5 fragmentation, DCERPC v4 idempotent requests.
    * Take a look at this document for an explanation of the advanced SMB and DCERPC features.
    What is Pcapy?
    Pcapy is a Python extension module that interfaces with the libpcap packet capture library. Pcapy enables python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets.
    Last edited by bl00d13z; 06-07-09 at 17:10.

  10. #9

    updated: Beta version v 1.0

    updated:
    Beta version v 1.0

    only for win32 user.. worked & tested on Windows 7 RC and windows XP SP2
    - windows bug fixed (not respond handling)
    - multiwindow & multi filtering capture packet
    - realtime logfile
    - filtering protocol & port bug fixed

    screenshot updated:


    download EXE:
    http://h1.ripway.com/11121989/JSSnifferGUIexeBETA.rar

    please install winpcap before running this tool

  11. #10
    petrusali

    I'll try it; if I get confused please tutor me, bro. Do you know the Dude? It seems to be the same kind of software too, but I'm confused about how to use it. Please try it, and once you understand how, tutor me as well. Also, is the Dude only for Mikrotik users / or can it be used by everyone? Thx.

    Added:
    wkwkwkwkwkwk turns out I was confused. This software seems to only sniff the network adapter of the PC that runs it, right? Can it sniff other PCs in the same network?
    Last edited by petrusali; 10-07-09 at 21:23.

  12. #11

    Quote: Originally posted by petrusali
    I'll try it; if I get confused please tutor me, bro. Do you know the Dude? It seems to be the same kind of software too, but I'm confused about how to use it. Please try it, and once you understand how, tutor me as well. Also, is the Dude only for Mikrotik users / or can it be used by everyone? Thx.

    Added:
    wkwkwkwkwkwk turns out I was confused. This software seems to only sniff the network adapter of the PC that runs it, right? Can it sniff other PCs in the same network?

    they're almost similar, the difference is that the dude can also generate a topology view,. if it's only for monitoring traffic usage like that I prefer cacti or just ssh into the router remotely,. for security, APF and snort are nice,. as for dude, I've never used it for long, only looked at it briefly,. the problem is it can't be monitored again from another place, it has to be on the router, and I don't really like using services without SSL for monitoring (calmer over ssh or https)

    yup, the title is simple sniffer after all,. if you want to sniff other PCs in the same segment you have to be positioned where the packets pass back and forth (the router), or the segment you're using still communicates through a HUB, not a switch, so it ends up broadcast, tapped wherever you are,. now, if you want it on a switch, that can be done, it's in the plans I already posted above
    - able to do customized packet injection for spoofing purposes
    - anti sniff (protecting the user's computer against spoofing attacks)
    - Intrusion Detection System
    - etc.
    customized packet injection,. the module already exists, it just needs to be put in, but I haven't shared it yet because it's being used for my final project,. still private,. you know ARP spoofing, right? the one that manipulates the mac address so that the router thinks we're the victim PC and the victim PC thinks we're the router a.k.a. MITM?! you must have played with cain n abel or ettercap, or maybe scapy if you're used to unix/linux, well it's similar to that.. unfortunately those are made by foreigners,.
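
Added example, not part of the original post or the author's tool: one way the planned anti-sniff/IDS check against the ARP spoofing described above could be done passively, by remembering the first MAC address seen for each IP in ARP traffic and reporting contradictions. The class and function names and the sample frames (documentation address ranges) are constructed for illustration.

```python
import struct

def mac(raw):
    return ":".join("%02x" % b for b in bytearray(raw))

def ip4(raw):
    return ".".join(str(b) for b in bytearray(raw))

def parse_arp(frame):
    """Return (eth_src, opcode, sender_mac, sender_ip) for Ethernet/IPv4 ARP, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac(frame[6:12]), op, mac(sha), ip4(spa)

class ArpWatch(object):
    """Remembers the first MAC seen for each IP and reports later contradictions."""
    def __init__(self):
        self.bindings = {}                 # ip -> first MAC that claimed it

    def inspect(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, _op, sender_mac, sender_ip = parsed
        alerts = []
        if eth_src != sender_mac:
            alerts.append("ARP sender %s differs from Ethernet source %s"
                          % (sender_mac, eth_src))
        if sender_ip == "0.0.0.0":         # ARP probe: no binding is claimed
            return alerts
        known = self.bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            # The first binding is kept so a repeated forged reply keeps alerting;
            # a legitimate change (new NIC, failover) needs an operator reset.
            alerts.append("%s was at %s, now claimed by %s"
                          % (sender_ip, known, sender_mac))
        return alerts

def arp_frame(eth_src, op, sha, spa, tha, tpa, eth_dst="ff:ff:ff:ff:ff:ff"):
    """Build a constructed ARP frame for the sample (addresses given as text)."""
    m = lambda s: bytes(bytearray(int(x, 16) for x in s.split(":")))
    i = lambda s: bytes(bytearray(int(x) for x in s.split(".")))
    return (m(eth_dst) + m(eth_src) + struct.pack("!H", 0x0806) +
            struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) +
            m(sha) + i(spa) + m(tha) + i(tpa))

def run_sample():
    """Feed three constructed frames to the watcher and return its alerts."""
    gw, host, other = "00:00:5e:00:53:01", "00:00:5e:00:53:14", "00:00:5e:00:53:66"
    zero = "00:00:00:00:00:00"
    frames = [
        arp_frame(gw, 2, gw, "192.0.2.1", host, "192.0.2.20"),        # gateway replies
        arp_frame(host, 1, host, "192.0.2.20", zero, "192.0.2.1"),    # host requests
        arp_frame(other, 2, other, "192.0.2.1", host, "192.0.2.20"),  # conflicting reply
    ]
    watch = ArpWatch()
    return [alert for frame in frames for alert in watch.inspect(frame)]

if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

With a capture filter of `arp`, the raw `data` argument that pcapy passes to a packet callback such as `packetHandler` in monitor.py is the kind of frame `inspect()` expects.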

  13. #12
    petrusali

    Hopefully it quickly grows from simple into the full version, bro. I'm too lazy to have to study software from abroad. I'll wait for the news.

    Added:
    Just found this link (http://www.monkey.org/~dugsong/dsniff) but I don't know what it's for. Hopefully it can be a reference for you.
    Last edited by petrusali; 16-07-09 at 10:46.
