A network sniffer can be used for several purposes, such as revealing somebody's password or reverse-engineering an application. Tools such as Ethereal (now known as Wireshark) make it easier to implement a protocol by watching how someone else's implementation behaves on the wire. Today I stumbled upon another network sniffer with slightly different functionality, which is better suited to certain jobs.

oSpy is an open source tool that monitors the network activity of one specific application. Unlike with Wireshark, there is no need to wade through a huge number of packets, figuring out which ones belong to the target application. Sure, you can filter by port or host, but what if the program uses several ports? What if it talks to multiple servers? Getting things figured out is quite difficult when you're dealing with an undocumented protocol.

Because oSpy records the calls as the application makes them, rather than packets on the wire, it also lets you:

- see which network-related API function was called at a given moment in time;
- see which way the communication goes (send or receive);
- see the return address of each call, so you can take that address to a disassembler and follow what the program does with the data afterwards;
- easily search the communication log for a given string;
- see the traffic that goes through an encrypted channel (see the SSL sniffing demo), which is one really cool feature: a conventional sniffer shows the raw bytes sent through the network, i.e. the ciphertext, while oSpy intercepts the calls above the encryption layer and so logs the data as the application hands it over before encryption or receives it after decryption. The flip side is that only data passing through the intercepted API calls is captured.
oSpy also produces attractive conversation logs, with colours separating sent data from received data and each string shown both as ASCII and as hex. The log can be navigated with a small preview bar, which acts as a more informative scroll bar.

oSpy is definitely a great tool to play with. It is not a replacement for Wireshark, but it will (without a doubt) make some tasks less complicated. Check out the project's official web site for a complete description, as well as several demos that show the program's abilities in action.

Happy reversing!
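To make the API-level approach concrete, here is an added example that is not oSpy's code and not part of the original post: it installs logging wrappers on Python's `socket.sendall`/`recv` and on a constructed `TlsChannel` class that stands in for a TLS library (its XOR "cipher" is a toy, not security). Each wrapper records the function name, the direction, the calling code location (the in-process analogue of oSpy's return address) and the bytes, and the log supports a hex/ASCII dump and a string search. Running one message through a socketpair shows why the layer at which you intercept matters: the wrapper below the cipher sees what a wire sniffer sees, the one above it sees the plaintext. All names (`Record`, `hook`, `TlsChannel`, `run_demo`) and the sample message are invented for this example.

```python
"""Added example: in-process API hooking, the approach oSpy applies to the Win32
socket and SSL APIs, reproduced with Python's socket module.  TlsChannel and
its XOR "cipher" are constructed stand-ins for a real TLS library (not secure)."""
import socket
import sys
from dataclasses import dataclass


@dataclass
class Record:
    api: str        # hooked function, e.g. "socket.sendall" or "TlsChannel.write"
    direction: str  # "send" or "recv"
    caller: str     # file:line of the calling code, the analogue of oSpy's return address
    data: bytes


LOG = []  # list of Record, in call order


def _caller(depth: int) -> str:
    f = sys._getframe(depth)
    return f"{f.f_code.co_filename.rsplit('/', 1)[-1]}:{f.f_lineno} in {f.f_code.co_name}"


def hook(cls, name: str, direction: str, label: str) -> None:
    """Replace cls.<name> with a wrapper that logs the bytes passing through it."""
    orig = getattr(cls, name)

    def wrapper(self, *args, **kwargs):
        if direction == "send":
            # Logged before the call; sendall() transmits the whole buffer.  For a
            # plain send() you would truncate to the byte count it returns.
            LOG.append(Record(f"{label}.{name}", direction, _caller(2), bytes(args[0])))
            return orig(self, *args, **kwargs)
        result = orig(self, *args, **kwargs)
        LOG.append(Record(f"{label}.{name}", direction, _caller(2), bytes(result)))
        return result

    setattr(cls, name, wrapper)


def hexdump(data: bytes, width: int = 16) -> str:
    """Offset, hex and ASCII columns, as a conversation log renders them."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart}  |{text}|")
    return "\n".join(lines)


def search(log, needle: bytes):
    """Records whose payload contains needle (the 'search the log' feature)."""
    return [r for r in log if needle in r.data]


class TlsChannel:
    """Constructed stand-in for a TLS layer: XOR before the socket sees the data."""
    KEY = 0x5A

    def __init__(self, sock):
        self.sock = sock

    @classmethod
    def _xor(cls, buf: bytes) -> bytes:
        return bytes(b ^ cls.KEY for b in buf)

    def write(self, plaintext: bytes) -> None:
        self.sock.sendall(self._xor(plaintext))

    def read(self, n: int = 4096) -> bytes:
        return self._xor(self.sock.recv(n))


def install_hooks() -> None:
    # Below the cipher: what a wire sniffer would see.
    hook(socket.socket, "sendall", "send", "socket")
    hook(socket.socket, "recv", "recv", "socket")
    # Above the cipher: what the application actually wrote and read.
    hook(TlsChannel, "write", "send", "TlsChannel")
    hook(TlsChannel, "read", "recv", "TlsChannel")


def run_demo():
    """Send one constructed message through a socketpair and return the log."""
    install_hooks()
    a, b = socket.socketpair()
    try:
        TlsChannel(a).write(b"LOGIN user password=hunter2\n")  # constructed sample
        TlsChannel(b).read()
    finally:
        a.close()
        b.close()
    return list(LOG)


if __name__ == "__main__":
    for rec in run_demo():
        print(f"[{rec.direction}] {rec.api} from {rec.caller}")
        print(hexdump(rec.data))
    print("plaintext hits:", [r.api for r in search(LOG, b"hunter2")])
```

Run it once: the log holds four records for the one message, and searching for `hunter2` matches only the two records taken above the cipher, which is exactly the difference between a wire capture and what oSpy shows for an SSL session. The caller field is a Python frame location rather than a native return address, but it serves the same purpose: it tells you where in the program to start disassembling (or reading) to follow what the data is used for.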
Comment from: mj [Visitor]
That's not cool; in fact the UI sucks (not that it's the only thing that matters). This is cool (well, it's not free, but): http://www.techcrunch.com/2007/04/10/watch-your-network-play-space-invaders/ , http://www.netqos.com/network-monitoring/network-monitoring-labs.html