As network and systems administrators, we always like to have some tools handy to look into things, troubleshoot, or just figure out what is going on. There are many open source, free tools available, each specialized for a different purpose.
In this blog I shall attempt to list some of them, give a brief description and list the platforms they are available on. I prefer to run these tools from a laptop on both Windows and Linux. I also like to be able to carry them around on a pen drive in a portable format. Linux boot disks are also useful in these cases.
The basic tools to check tcp/ip
Ping is the most basic tool we use to check connectivity. We also use arp to check the local broadcast domain and the ARP resolution table. traceroute (Linux) / tracert (Windows) is used to check the path to the destination host. “mtr” is a powerful tool for watching the network path over a longer period of time; it is usually installed as an additional package. A Windows version of mtr is also available, even a portable one. One more useful tool that mostly comes out of the box is nslookup (Windows and Linux), plus dig on Linux; they are very useful when a troubleshooting investigation involves DNS. “whois” is another tool, useful for finding out more about an IP address or domain name: owner, contact authority, AS number, etc. Last but not least, netstat, available on both Windows and Linux, is a useful tool for checking the local network status easily. Follow the link for a detailed tutorial on how to use these basic tools.
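As an added example (not part of the original post), here is the kind of quick check netstat is good for: parse its output and group connections by remote host and TCP state, so that a pile of half-open (SYN_RECV) connections from one peer stands out. The netstat lines below are constructed by hand to look like Linux `netstat -tn`; nothing is read from the live system, and the threshold of three half-open connections is an arbitrary value chosen for the example.

```python
"""Summarise `netstat -tn` output by remote host and TCP state.

Added example, not from the original post. SAMPLE_NETSTAT is a constructed
imitation of Linux `netstat -tn` output so the script runs offline.
"""
from collections import Counter, defaultdict

# Constructed sample: what `netstat -tn` might print on a small web/ssh host.
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:22             10.0.0.17:51234         ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.4:40210      ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.9:40001       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.9:40002       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.9:40003       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.9:40004       SYN_RECV
tcp        0     52 10.0.0.5:443            198.51.100.4:40211      TIME_WAIT
tcp6       0      0 ::1:631                 ::1:40990               ESTABLISHED
"""


def split_host_port(addr):
    """Split 'host:port' on the LAST colon so IPv6 forms such as ::1:631 work."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def parse_netstat(text):
    """Return one dict per connection line; header and non-TCP lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        proto, _recvq, _sendq, local, remote, state = fields[:6]
        lhost, lport = split_host_port(local)
        rhost, rport = split_host_port(remote)
        conns.append({"proto": proto, "local_host": lhost, "local_port": lport,
                      "remote_host": rhost, "remote_port": rport, "state": state})
    return conns


def states_by_remote(conns):
    """Map remote host -> Counter of TCP states seen from that host."""
    summary = defaultdict(Counter)
    for c in conns:
        summary[c["remote_host"]][c["state"]] += 1
    return summary


def half_open_suspects(conns, threshold=3):
    """Remote hosts holding at least `threshold` connections in SYN_RECV.

    Many half-open connections from a single peer is the classic SYN-flood
    signature that a quick `netstat -tn` look can reveal.
    """
    summary = states_by_remote(conns)
    return sorted(h for h, st in summary.items() if st["SYN_RECV"] >= threshold)


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for host, st in sorted(states_by_remote(conns).items()):
        print(f"{host:20} {dict(st)}")
    print("half-open suspects:", half_open_suspects(conns))
```

To use it on a real host, pipe `netstat -tn` into the script instead of SAMPLE_NETSTAT; the parser splits on the last colon so IPv6 peers are handled as well.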
Some advanced tools I prefer having access to:
Url: www.tcpdump.org/ Category: network sniffer
Description: My favourite tool. No matter where you are, if the cable is connected you will always get some useful information on what’s going on in the network you are connected to.
Howto: I usually start with tcpdump -n -i ethX (-n suppresses name resolution, -i selects the interface). I found this tutorial to be helpful: http://danielmiessler.com/study/tcpdump/
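To show what tcpdump is doing underneath, here is an added example (my own code, not tcpdump’s) that reads a pcap capture, walks the record headers and decodes the Ethernet, IPv4 and TCP headers into the familiar “src > dst: Flags [S]” one-liners. The capture is constructed inline with struct.pack (a three-way handshake to port 22 between made-up 10.0.0.x addresses), so no interface, root privileges or live traffic are needed.

```python
"""Decode a pcap capture into tcpdump-style one-line summaries.

Added example, not tcpdump's code. SAMPLE_PCAP is built in this file from
constructed frames; checksums are left zero, which is fine for parsing.
"""
import socket
import struct

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
# Flag bits and the letters tcpdump prints for them, in tcpdump's order.
FLAG_NAMES = [(0x02, "S"), (0x10, "."), (0x08, "P"), (0x01, "F"), (0x04, "R")]


def build_tcp_frame(src, dst, sport, dport, flags, payload=b""):
    """Assemble an Ethernet + IPv4 + TCP frame for the constructed capture."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a little-endian pcap file (magic 0xa1b2c3d4, snaplen 65535)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_records(data):
    """Yield (timestamp, frame_bytes) from a pcap blob, honouring its byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        yield ts_sec + ts_usec / 1e6, data[pos:pos + incl_len]
        pos += incl_len


def summarize_frame(frame):
    """Return 'src.port > dst.port: Flags [..]' like tcpdump, or None if not IPv4."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4          # header length in bytes (options included)
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    if proto != IPPROTO_TCP:
        return f"{src} > {dst} proto {proto}"
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    flags = tcp[13]
    names = "".join(n for bit, n in FLAG_NAMES if flags & bit)
    return f"{src}.{sport} > {dst}.{dport}: Flags [{names}]"


def summarize_pcap(data):
    """One summary line per record in the capture."""
    return [summarize_frame(f) for _, f in iter_records(data)]


# Constructed capture: a TCP three-way handshake to port 22.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.17", "10.0.0.5", 51234, 22, 0x02),   # SYN
    build_tcp_frame("10.0.0.5", "10.0.0.17", 22, 51234, 0x12),   # SYN-ACK
    build_tcp_frame("10.0.0.17", "10.0.0.5", 51234, 22, 0x10),   # ACK
])

if __name__ == "__main__":
    for line in summarize_pcap(SAMPLE_PCAP):
        print(line)
```

A file written by tcpdump -w can be fed to summarize_pcap unchanged, since the reader checks the magic number to pick the byte order and refuses non-Ethernet link types instead of misdecoding them.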
Url: ntop Category: check network traffic usage with statistics (network statistics generator)
Description: ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.
Howto: using this tool is straightforward; it works pretty much out of the box with minimal configuration. The web-based interface makes extracting the statistics easy.
Available ports: both Windows and Linux
Url: http://netsniff-ng.org/ Category: networking toolkit, level: medium to advanced (sniffer)
Description: The netsniff-ng toolkit consists of the following utilities:
- netsniff-ng, a high-performance zero-copy analyzer, pcap capturing and replaying tool
- trafgen, a high-performance zero-copy network traffic generator
- bpfc, a Berkeley Packet Filter (BPF) compiler supporting Linux extensions
- ifpps, a top-like kernel networking and system statistics tool
- flowtop, a top-like netfilter connection tracking tool
- curvetun, a lightweight multiuser IP tunnel based on elliptic curve cryptography
- ashunt, an Autonomous System (AS) trace route and ISP testing utility
Available ports: Linux only
Url: http://iperf.sourceforge.net/ Category: network throughput testing (network throughput)
Howto: it’s a simple tool with a few simple commands like
iperf -c 192.168.100.1 # run as client, sending traffic to the server at 192.168.100.1
iperf -s # run in receiving/server mode
Url: http://www.wireshark.org/ Category: Packet analyzer (sniffer)
Description: Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.
Howto: Usually I have a very simple, primitive use for it; most of the time I use it to look into TCP/IP packets, looking for anomalies while troubleshooting. I found this nice video tutorial on how to use Wireshark in detail.
Url: http://www.kernel.org/pub/software/network/ethtool/ Category: network interface
Description: ethtool is a Linux command for displaying or modifying the Network Interface Controller (NIC) parameters.
Howto: just to display the Ethernet driver settings
ethtool -i eth0
Available ports: Linux only
Url: http://www.openvas.org/ Category: vulnerability scanner (sniffer, scanner)
Description: OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution. OpenVAS was initially named GNessUs as a fork of the Nessus security scanner to allow future free development of the now-proprietary tool.
Howto: If you are used to Nessus, it is somewhat similar. I found this tutorial to be useful
Available ports: Windows and Linux ports
Url: http://ettercap.sourceforge.net/ Category: security audit (scanner, sniffer, re-writer)
Description: Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing.
Howto: ettercap is an advanced utility; to use it, one must understand the basics of TCP/IP, man-in-the-middle attacks, how ARP works, etc. Check these articles for more on how to use it: http://openmaniak.com/ettercap.php and http://openmaniak.com/ettercap_arp.php
Url: http://netcat.sourceforge.net/ Category: simple tcp udp read write
Description: Netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection you would need and has a number of built-in capabilities.
Howto: netcat is simple to use. For example, to open a TCP connection to port 25 on a mail server you can use
nc mail.server.net 25
To listen on UDP port 7000 (for example to test whether a UDP port is reachable through the network), use
nc -ul 7000
Url: http://www.chiark.greenend.org.uk/~sgtatham/putty/ Category: ssh/telnet/tty client
Description: PuTTY is a free and open source terminal emulator application which can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols and as a serial console client.
Howto: using PuTTY is very straightforward; I don’t think anyone used to a terminal emulator/SSH/Telnet client would require much help to learn how to use it out of the box. However, if you want to use its advanced functions you may appreciate a little bit of help. The PuTTY documentation page is a good place to start: http://www.chiark.greenend.org.uk/~sgtatham/putty/docs.html
Available ports: Windows port. I haven’t seen a Linux port for PuTTY.
Url: www.netstumbler.com/ Category: wireless network scanning
Description: NetStumbler (also known as Network Stumbler) is a tool for Windows that facilitates detection of wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards.
Howto: use of NetStumbler is very intuitive and self-explanatory. It scans for access points and clients and produces a graphical presentation of what it sees. I found this link to be useful: http://www.securitytube.net/video/76
Cain and Abel
Url: http://www.oxid.it/cain.html Category: security utility and audit tool sets (sniffing)
Description: Cain & Abel is a password recovery tool for Microsoft Windows. It can recover passwords by sniffing the network, using dictionary attacks, etc. Some virus scanners detect Cain and Abel as malware. However, as the source code for Cain and Abel is not available for independent security review, there is no sure way to say this tool is 100% safe.
Howto: use is straightforward; however, you must know what you are doing in this case. The interface is not as intuitive as a novice would like it to be, and you need to spend a bit of time figuring things out yourself. I found this link relatively informative: http://www.thehackerslibrary.com/?p=414
Available ports: Windows
Url: http://nmap.org/ Category: network security scanner
Description: Nmap sends specially crafted packets to the target host and then analyzes the responses. Unlike many simple port scanners that just send packets at some predefined constant rate, Nmap accounts for the network conditions (latency fluctuations, network congestion, the target’s interference with the scan) during the run. Nmap has extended its discovery capabilities beyond simply figuring out whether a host is up or down and which ports are open and closed; it can determine the operating system of the target, names and versions of the listening services, estimated uptime, type of device, and presence of a firewall.
Howto: nmap is a medium- to advanced-level tool. Understanding how TCP/IP works will give you the edge in using it. To run a simple scan for open TCP ports we can use
nmap -sT 192.168.0.1 # TCP connect scan
nmap -sS 192.168.0.1 # TCP SYN scan (needs root/administrator privileges to send raw packets)
nmap -sP 192.168.0.1-255 # ping scan: host discovery only, no port scan
Basic usage: http://anish.at.preempted.net/nmap.htm
Reference guide: http://nmap.org/book/man.html
Available ports: Windows port and Linux port
Angry IP Scanner
Url: http://www.angryip.org Category: network scanner
Description: Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports and has many other features.
Howto: usage is simple with a nice GUI; it works out of the box every time, and basic network skills are enough to make use of it.
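Both the netcat connection test above and nmap’s -sT scan come down to the same thing: attempt a full TCP connect and see whether the port accepts. As an added example (my own code, not netcat’s or Nmap’s), the script below does that for a list of ports and then compares the result against a baseline of the ports that are supposed to be open, which is the check an administrator actually wants when auditing a host. To stay self-contained it starts its own listener on 127.0.0.1 and grabs a second, released ephemeral port as a known-closed control; the 0.5 s timeout and the loopback addresses are choices made for the example.

```python
"""TCP connect check against an expected-ports baseline (loopback demo).

Added example, not netcat's or Nmap's code. It performs what `nc host port`
and `nmap -sT host` do, a full TCP connect per port, and reports deviations
from a baseline of expected open ports. Everything runs on 127.0.0.1.
"""
import socket


def connect_scan(host, ports, timeout=0.5):
    """Return the subset of `ports` that accept a TCP connection (like nmap -sT)."""
    open_ports = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED)
            # otherwise, so a closed port does not raise and the loop continues.
            if s.connect_ex((host, port)) == 0:
                open_ports.add(port)
    return open_ports


def compare_with_baseline(found, expected):
    """Split scan results into ports open but not expected, and expected but closed."""
    return {"unexpected": sorted(found - expected), "missing": sorted(expected - found)}


def start_listener(host="127.0.0.1"):
    """Listen on an OS-assigned port and return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Bind an ephemeral port and release it, giving a port we know is closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo():
    """Run the whole check on loopback; return (comparison, listening_port, closed_port)."""
    srv, listening = start_listener()
    try:
        closed = free_port()
        # The baseline claims only `closed` should be open, so the listener we
        # started shows up as unexpected and `closed` as missing.
        found = connect_scan("127.0.0.1", [listening, closed])
        return compare_with_baseline(found, {closed}), listening, closed
    finally:
        srv.close()


if __name__ == "__main__":
    result, listening, closed = demo()
    print(f"listening on {listening}, known-closed port {closed}")
    print(result)
```

On a real host, replace the loopback ports with the host’s documented service ports as the baseline; anything in “unexpected” is a listener nobody planned for and deserves a look, while “missing” usually means a service is down.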
Available ports: windows port and linux port
Url: http://iptraf.seul.org/ Category: interface traffic monitoring
Description: iptraf provides network statistics. It works by collecting data on TCP/UDP/ARP connections and provides real-time statistics on the activity of the interfaces.
Howto: usage is simple and straightforward. All you need to do is run it on an interface, for example
iptraf -i eth1
Read the manual for more information
Available ports: Linux port
tag: iptraf, angry ip scanner, nmap, cain and abel, netstumbler, putty, netcat, nc, ettercap, OpenVAS, nessus, ethtool, wireshark, ethereal, iperf, netsniff-ng, ntop, tcpdump, link, download, url, howto, how to, description, windows port, linux port, windows download, linux download, ping, dns, check network