(i.e. how to be antisocial at a coffeeshop that has open wifi)

application layer

• ettercap — grabs plaintext passwords from ~20 protocols
• driftnet — grabs images from web traffic
• dsniff — grabs plaintext passwords from ~20 protocols
  • filesnarf — grabs files accessed over NFS
  • mailsnarf — grabs contents of emails
  • msgsnarf — grabs contents of several IM protocols
  • urlsnarf — produces a log of URLs that are accessed
  • webspy — views a target web browsing in real time
• SniffPass by Nirsoft — sniffs plaintext passwords for 4 protocols (Windows only)
• Cain and Abel — grabs Windows password hashes
• NetworkMiner — passive network mapping (Windows only)
• more

transport layer

• tcpxtract — performs file carving on TCP streams
• libnids (Perl package)
• tcpflow
• tcpreplay's flowreplay (design document)
• chaosreader
• flow-tools — enterprise-level flow analysis
• more
• more

strip WIFI logs so LAN-only tools can use them

• airdecap-ng