Raw Sockets Windows XP
Fri, 22 Jan 2010 18:01:43 +0000

It was changed by way of a security update after SP1 (but before SP2),
but there was a workaround that still allowed users to circumvent the
security fix and still allow traffic over raw sockets. With SP2 it was
decided to plug this workaround too.

Why was this even present in the 'gold' or original RTM Windows XP
version? I do not know, probably because it was thought that there was a
legitimate use and need for this, but maybe after Windows XP was
released Microsoft might have had a change of mind and decided that this
feature should not be enabled on "client" or "consumer" versions of
their operating systems. Before SP2 came about, embarrassing security
flaws were being exposed on a regular basis and Microsoft made an
all-out effort to plug a lot of holes in Windows XP. The word then was that
almost all other projects were on hold or slowed down while Microsoft
concentrated on security and worked on SP2 for Windows XP; even Vista's
release was pushed back while Microsoft worked at securing their
flagship product.

For what it is worth, Unix and Linux permit traffic over raw sockets and
the Windows server versions also allow this, although I am unsure if
Server 2008 still allows it. I think that it is probably just that with
all kinds of bumbling users on XP a decision was made to "protect the
users from themselves" so they plugged up raw sockets as a preemptive
strike against possible exploits. But that is just what I think at this
time... I do not know the exact reasons behind these decisions.

John

IP Sniffer 1.98.0.9 download free
IP Sniffer description
A free protocol analyzer that uses the XP/2K raw socket features.
IP Sniffer is a suite of IP Tools built around a packet sniffer. The packet sniffer can work on all Windows versions using either the new raw socket implementation of Windows 2000 (driverless), WinPcap (needs to be installed), or an NDIS protocol (needs to be installed, no reboot). IP Sniffer is a protocol analyzer that will use the XP/2K raw socket features.
IP Sniffer is also a suite of IP Tools like: IP traffic monitor, IP statistics, ARP (list & delete entries, send request), Netbios Names, Route Print, Netstat (shows process attached to a connection, kill attached process, kill TCP entry), Network information (Params, Adapters, Cards), Spoofing (TCP, UDP, ICMP, ARP), WINS Query, DNS Query (using win32 DNSAPI), DHCP Find, WHOIS, Resolve IP / Hostname, PING (Host & Subnet), TCP Scan (Host & Subnet).
Here are some key features of "IP Sniffer":
The IP tools are:
· Bandwidth monitor.
· Adapter statistics (IP & NDIS).
· Wireless Stumbler.
· List and manage ARP entries, resolve IP to MAC, resolve MAC to IP, send a WAKEUP call.
· List and manage routes, enable & disable host as a router.
· List and manage open ports and attached processes.
· Edit network config.
· Hook winsock (winsock32.dll & ws2_32.dll).
· Spoof ARP (and do ARP cache poisoning), spoof TCP, spoof UDP, spoof ICMP, spoof DHCP Release.
· Change MAC address, discover remote MAC addresses.
· SNMP Get & Set, List interfaces, Switch port mapper, Media Attachment Unit table.
· WINS Query.
· DNS (advanced) Query, DNS Server, Local resolver.
· DHCP Server (with PXE support), DHCP Discover.
· Whois Query.
· SMTP client.
· TCP tools (TCP ping, TCP half scan, Time-Daytime client/server).
· UDP tools (MSSQL Ping, SNMP ping, SSDP scan, Syslog client/server, Time-Daytime client/server, tftp server).
· ICMP tools.
· TCP/UDP bounce port.
MS Networks:
· Enum servers by type, Spoof net send, Shutdown remote windows, Display remote windows properties, Display remote netbios names, Enum Terminal Services processes and sessions, Enum remote print ports, Enum remote drivers, Enum remote AT jobs, Enum remote scheduled tasks.
Password tools:
· Edit protected storage (IE, Outlook Express, …), Decrypt Dialup Passwords, Dump XP Credentials (MSN, network shares, …) & decrypt passwords, Decode IE history, Reveal asterisks / hidden passwords, decode RDP, Decode MSAccess passwords, enum WEP keys.
· List and manage local & remote processes.
· Tiny firewall (using Windows API).
· Get internet IP.
What's New in This Release:
· added : loadfromdb and savetodb will keep table history
· added : save cap file with same link type as loaded cap file
· added : find user / computer in ad browser
· added : lastlogontimestamp in ad browser
· added : update/add/delete db one item in bookmark
· added : add/delete/create group & user in ad browser
· added : winsock hook will display 127.0.0.1 traffic
· added : winsock hook can save data to cap file
· added : more reports : devices, printers ports/drivers/monitors, local admins
· added : reports from a list of servers
· added : update line from vbs in bookmark window
· added : new unit = hashes
· added : SIO_RCVALL IOCTL option (to be tested against different NICs)
· added : modified savetreeview to be able to reload via loadlistview
· added : remove column, search and replace in bookmark
· fixed : winsock hook (recv functions were nulling the buffer)
Licence: Free
IP Sniffer 1.98.0.9 [6.8 MB]



