PortPeeker
PortPeeker is a freeware utility for capturing network traffic for TCP, UDP or ICMP protocols (see the Note below about ICMP traffic).  With PortPeeker you can quickly and easily see what traffic is being sent to a given port.

Before we go any further, a disclaimer to fend off any legal hyenas out there.  PortPeeker is written in Borland's Delphi language, which is a Pascal derivative, and this implies that it is not as vulnerable to attacks like buffer overflows as, say, applications written in C/C++, because Delphi strings are dynamically allocated on the heap and not on the stack as in C/C++.  However, we have written PortPeeker to be freeware, and as such we cannot and/or will not guarantee or make any warranties concerning PortPeeker, its usage or this documentation.  Please feel free to use PortPeeker, and hopefully you find it to be a solid and helpful tool, but remember you are using it at your own risk.  The samples given on this page are meant as examples of usage and of the types of information you can retrieve using PortPeeker, but we advise you to carefully consider security issues when listening to network traffic, so that you don't inadvertently or unknowingly expose your system or network to harmful traffic or events.  In short, we hope you like PortPeeker and find it to be a useful and informative tool, but if you toast yourself while using it, 'gosh that's too bad'.

Now to the fun stuff.

PortPeeker is a single standalone exe that should work on Windows 95, 98, 98SE, ME, NT, 2000, XP and 2003, and it can be placed anywhere on the system.  We recommend creating a desktop shortcut to PortPeeker so it's quick and easy to find and use.

NOTE: on Windows NT, 2000, and XP you will not by default be able to listen to ICMP traffic.  Windows NT and Win2000 have security in place that inhibits the use of ICMP.  The workaround for NT is to disable the security check on RAW sockets by creating the following registry variable and setting its value to DWORD 1: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Afd\Parameters\DisableRawSecurity

Once you have started PortPeeker you have to configure which protocol and port to listen on (or just the ICMP protocol, as it doesn't use 'ports').  You can also configure which types of traffic events PortPeeker records.  For example, if we want to listen for TCP port 80 traffic (http), we would configure PortPeeker to listen on TCP 80.

PortPeeker setup to capture and reply to TCP port 80 Traffic

NOTE: you can have PortPeeker send an 'On Connection' and/or 'On Data In' response string, or echo back the data sent.  In this case we added an http response that appears in the user's browser as:

 

After you press OK, PortPeeker will start listening on the designated port (provided that some other application isn't already using this port; if one is, PortPeeker will report an error).  PortPeeker can do a number of things with the captured inbound traffic, including searches.

Tracking malicious uploads on myDoom port.

 

PortPeeker can also perform WhoIs searches.  For example, you can highlight an IP address from the capture and select WhoIs from the pop-up menu, and PortPeeker will look up who owns the IP address or hostname.

 

For a case study done with PortPeeker investigating inbound UDP Port 137 traffic please see 'A Day and a Night with PortPeeker and UDP Port 137' that we posted on DSLReports.

Hopefully this brief introduction to PortPeeker answers any questions you might have and helps you understand how to use PortPeeker.  We often use it as a quick and dirty honeypot to capture suspicious traffic events for analysis in parallel with our firewall logging tools (Link Logger and SonicLogger (for SonicWall firewalls)).
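The listen, record and reply cycle described above (bind a TCP port, capture what each peer sends, answer with an 'On Data In' string) can be sketched in Python as follows. This is an added example and not PortPeeker's own code; the function names, the reply text and the 127.0.0.1:8080 default are assumptions made for illustration.

```python
import socket
from datetime import datetime, timezone

# Constructed reply, standing in for an 'On Data In' response string.
HTTP_REPLY = (b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n"
              b"Connection: close\r\n\r\nThis port is being monitored.\r\n")

def hexdump(data, width=16):
    """Render bytes as offset / hex / printable-ASCII lines."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<{width * 3}} {text}")
    return lines

def capture_once(listener, reply=HTTP_REPLY, max_bytes=4096, timeout=5.0):
    """Accept one connection, record what it sends, answer with `reply`."""
    conn, (ip, port) = listener.accept()
    with conn:
        conn.settimeout(timeout)         # a silent peer must not stall capture
        try:
            data = conn.recv(max_bytes)  # bounded read; payload is only logged
        except OSError:                  # timeout or reset: record an empty event
            data = b""
        if data and reply:
            conn.sendall(reply)
    return {"time": datetime.now(timezone.utc).isoformat(),
            "src": f"{ip}:{port}", "size": len(data), "dump": hexdump(data)}

def open_listener(host="127.0.0.1", port=8080):
    """Bind the capture port; raises OSError if it is already in use."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, port))
    s.listen(5)
    return s

if __name__ == "__main__":
    with open_listener() as listener:
        while True:
            event = capture_once(listener)
            print(event["time"], event["src"], event["size"], "bytes")
            print("\n".join(event["dump"]))
```

The payload is never parsed or executed, only rendered as a hex dump, and the read is capped at `max_bytes`, which keeps the listener's own exposure small when it faces untrusted traffic.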

 

* Please use the mirrors as I don't have a lot of bandwidth to spare on my site *

PortPeeker Version 2.7.0.21 Download

Mirror 1

Mirror 2

Mirror 3

Mirror 4

 

Some sample captures.  PLEASE NOTE that displaying these samples could cause your IDS (if you're using one) to report a false positive; if so, please do not email a notification to our ISP.

MSBlast Scan/Infection Sequence
RPC/DCOM Vulnerability Scanning Tools
SQL Slammer
CodeRedII.f
Nimda
SQL Server Connection Attempt
A Day and a Night with PortPeeker and UDP Port 137
DoomJuice.B PortPeeker Capture

Please send any captures you think should be added to the list.

 

Rated 3.5 stars at SnapFiles
Rated Excellent at Softpedia

PortPeeker is not an officially supported product, but if you have any suggestions or find any bugs, please send them to PortPeeker@LinkLogger.com