The Ubuntu repositories contain several useful tools for maintaining a secure network and network administration.This security tools include network scanning,attack detection,Virus Detection etc.
1) Wireshark – network traffic analyzer
Wireshark is a network traffic analyzer, or “sniffer”, for Unix and Unix-like operating systems. A sniffer is a tool used to capture packets off the wire. Wireshark decodes numerous protocols (too many to list).This package provides wireshark (the GTK+ version)
Install Wireshark in Ubuntu
sudo aptitude install wireshark
2) Nessus – Remote network security auditor
The Nessus® vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.
Install nessus in ubuntu
sudo aptitude install nessus
3) Nmap – The Network Mapper
Nmap (“Network Mapper”) is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.
Install nmap ubuntu
sudo aptitude install nmap
If you want nmap frontend install the following package
sudo aptitude install zenmap
4) Etherape – graphical network monitor modeled after etherman
EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.
Install Etherape in ubuntu
sudo aptitude install etherape
5) Kismet – Wireless 802.11b monitoring tool
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic.
Install Kismet in ubuntu
sudo aptitude install kismet
6) Chkrootkit – Checks for signs of rootkits on the local system
chkrootkit identifies whether the target computer is infected with a rootkit. Some of the rootkits that chkrootkit identifies are:
1. lrk3, lrk4, lrk5, lrk6 (and some variants);
2. Solaris rootkit;
3. FreeBSD rootkit;
4. t0rn (including latest variant);
5. Ambient’s Rootkit for Linux (ARK);
6. Ramen Worm;
9. Romanian rootkit;
11. Lion Worm;
12. Adore Worm.
Please note that this is not a definitive test, it does not ensure that the target has not been cracked. In addition to running chkrootkit, one should perform more specific tests.
Install chkrootkit in ubuntu
sudo aptitude install chkrootkit
7) Rkhunter – rootkit, backdoor, sniffer and exploit scanner
Rootkit Hunter scans systems for known and unknown rootkits, backdoors, sniffers and exploits.
It checks for:
– MD5 hash changes;
– files commonly created by rootkits;
– executables with anomalous file permissions;
– suspicious strings in kernel modules;
– hidden files in system directories;
and can optionally scan within files. Using rkhunter alone does not guarantee that a system is not compromised. Running additional tests, such as chkrootkit, is recommended.
Install rkhunter in ubuntu
sudo aptitude install rkhunter
tiger – Report system security vulnerabilities
TIGER, or the ‘tiger’ scripts, is a set of Bourne shell scripts, C programs and data files which are used to perform a security audit of UNIX systems. TIGER has one primary goal: report ways ‘root’ can be compromised.Debian’s TIGER incorporates new checks primarily oriented towards Debian distribution including: md5sums checks of installed files, location of files not belonging to packages, check of security advisories and analysis of local listening processes.
Install tiger in ubuntu
sudo aptitude install tiger
9) GnuPG – GNU privacy guard
GnuPG is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.GnuPG does not use any patented algorithms so it cannot be compatible with PGP2 because it uses IDEA (which is patented worldwide).
Install gnupg in Ubuntu
sudo aptitude install gnupg
If you want gnupg GUI tool use this
Seahorse – A Gnome front end for GnuPG
Seahorse is a GNOME application for managing encryption keys. It also integrates with nautilus, gedit and other places for encryption operations.
Install seahorse in ubuntu
sudo aptitude install seahorse
10) Nemesis – TCP/IP Packet Injection Suite
Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis, is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.
Nemesis can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.
Install nemesis in ubuntu
sudo aptitude install nemesis