11) Tcpdump – A powerful tool for network monitoring and data acquisition
This program allows you to dump the traffic on a network. tcpdump is able to examine IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS, BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other packet types.
It can be used to print out the headers of packets on a network interface and to filter packets that match a certain expression. You can use this tool to track down network problems, to detect “ping attacks” or to monitor network activities.
Install tcpdump in Ubuntu
sudo aptitude install tcpdump
12) OpenSSH – secure shell server
This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group. Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide applications with a secure communication channel. This package provides the sshd server.
In some countries it may be illegal to use any encryption at all without a special permit.
Install OpenSSH server in Ubuntu
sudo aptitude install openssh-server
13) Denyhosts – a utility to help sys admins thwart ssh hackers
DenyHosts is a program that automatically blocks ssh brute-force attacks by adding entries to /etc/hosts.deny. It will also inform Linux administrators about offending hosts, attacked users and suspicious logins. Synchronization with a central server is possible too.
Unlike other software that does the same job, DenyHosts doesn’t need support for packet filtering or any other kind of firewall in your kernel.
Install DenyHosts server in Ubuntu
sudo aptitude install denyhosts
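The following Python example, added here and not taken from DenyHosts itself, counts failed sshd logins per source address and produces the /etc/hosts.deny entries, attacked users and suspicious logins described above. The thresholds, the `analyse` function and the sample log lines are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample of sshd auth.log lines (documentation address ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Mar  3 10:00:03 host sshd[102]: Failed password for invalid user test from 203.0.113.7 port 40002 ssh2
Mar  3 10:00:05 host sshd[103]: Failed password for invalid user oracle from 203.0.113.7 port 40003 ssh2
Mar  3 10:01:10 host sshd[110]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Mar  3 10:01:20 host sshd[111]: Accepted password for alice from 192.0.2.10 port 51001 ssh2
Mar  3 10:02:00 host sshd[120]: Failed password for root from 198.51.100.9 port 42000 ssh2
Mar  3 10:02:02 host sshd[121]: Failed password for bob from 198.51.100.9 port 42001 ssh2
Mar  3 10:02:04 host sshd[122]: Accepted password for bob from 198.51.100.9 port 42002 ssh2
"""

# Greedy user match plus the end anchor: the address is read from the tail
# sshd itself writes, not from anything inside the attacker-chosen username.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (.*) from (\S+) port \d+ ssh2$")

# Assumed thresholds for this example: failures needed before a host is denied.
THRESHOLDS = {"invalid": 3, "root": 1, "valid": 5}

def analyse(log_text, allowed=frozenset()):
    """Return (hosts.deny lines, attacked-user counts, suspicious logins)."""
    fails, attacked = Counter(), Counter()
    denied, suspicious = [], []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            invalid, user, ip = m.groups()
            kind = "invalid" if invalid else "root" if user == "root" else "valid"
            fails[ip, kind] += 1
            attacked[user] += 1
            over = fails[ip, kind] >= THRESHOLDS[kind]
            if over and ip not in allowed and ip not in denied:
                denied.append(ip)
            continue
        m = ACCEPTED.search(line)
        if m and m.group(2) in denied:
            # A login that succeeds from an offending host needs a human look.
            suspicious.append((m.group(1), m.group(2)))
    return [f"sshd: {ip}" for ip in denied], dict(attacked), suspicious

if __name__ == "__main__":
    deny_lines, users, logins = analyse(SAMPLE_LOG)
    print("\n".join(deny_lines))
    print("attacked users:", users)
    print("suspicious logins:", logins)
```

The `allowed` set plays the role of a trusted-host list: addresses in it are still counted but never denied.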
14) Snort – Flexible Network Intrusion Detection System
Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rule-based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate “alert” file, or even to a Windows computer via Samba.
This package provides the plain-vanilla snort distribution and does not provide database (available in snort-pgsql and snort-mysql) support.
Install snort in Ubuntu
sudo aptitude install snort
15) Firestarter – gtk program for managing and observing your firewall
Firestarter is a complete firewall tool for Linux machines. It features an easy to use firewall wizard to quickly create a firewall. Using the program you can then open and close ports with a few clicks, or stealth your machine giving access only to a select few. The real-time hit monitor shows attackers probing your machine.
Install firestarter in Ubuntu
sudo aptitude install firestarter
16) clamav – anti-virus utility for Unix – command-line interface
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon in the clamav-daemon package, a command-line scanner in the clamav package, and a tool for automatic updating via the Internet in the clamav-freshclam package. The programs are based on libclamav3, which can be used by other software.
This package contains the command line interface. Features:
– built-in support for various archive formats, including Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others;
– built-in support for almost all mail file formats;
– built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others;
– built-in support for popular document formats including Microsoft Office and Mac Office files, HTML, RTF and PDF.
For scanning to work, a virus database is needed. There are two options for getting it:
– clamav-freshclam: updates the database from the Internet. This is recommended with Internet access.
– clamav-data: for users without Internet access. The package is not updated once installed. The clamav-getfiles package allows creating custom packages from an Internet-connected computer.
Install ClamAV in Ubuntu
sudo aptitude install clamav
17) Ettercap – Multipurpose sniffer/interceptor/logger for switched LAN
Ettercap supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. Data injection in an established connection and filtering (substitute or drop a packet) on the fly is also possible, keeping the connection synchronized.
Many sniffing modes were implemented to give you a powerful and complete sniffing suite. It’s possible to sniff in four modes: IP Based, MAC Based, ARP Based (full-duplex) and PublicARP Based (half-duplex).
It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
Install ettercap in Ubuntu
sudo aptitude install ettercap
If you want the ettercap GUI, install the following package:
sudo aptitude install ettercap-gtk
18) Netcat – TCP/IP swiss army knife
A simple Unix utility which reads and writes data across network connections using TCP or UDP protocol. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
Install netcat in Ubuntu
sudo aptitude install netcat
19) MTR – mtr combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single network diagnostic tool.
As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the machines, it sends a sequence of ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine.
Install mtr in Ubuntu
Download the .deb package from here
sudo dpkg -i mtr_0.39-1.deb
20) Hping3 – Active Network Smashing Tool
hping3 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. Using hping3, you can test firewall rules, perform (spoofed) port scanning, test network performance using different protocols, do path MTU discovery, perform traceroute-like actions under different protocols, fingerprint remote operating systems, audit TCP/IP stacks, etc. hping3 is scriptable using the TCL language.
Install hping3 in Ubuntu
sudo aptitude install hping3