21) ngrep – grep for network traffic
ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
Install ngrep in ubuntu
sudo aptitude install ngrep
22) john – active password cracking tool
john, mostly known as John the Ripper, is a tool designed to help systems administrators to find weak (easy to guess or crack through brute force) passwords, and even automatically mail users warning them about it, if it is desired.
It can also be used with different cyphertext formats, including Unix’s DES and MD5, Kerberos AFS passwords, Windows’ LM hashes, BSDI’s extended DES, and OpenBSD’s Blowfish.
Install john in ubuntu
sudo aptitude install john
23) tcptrace – Tool for analyzing tcpdump output
Tcptrace is a tool for analyzing and reporting on tcpdump (or other libpcap) dump files. It can summarize the data or generate graph data for use with the gnuplot tool from the gnuplot package. Graph data can be created for throughput, RTT, time sequences, segment size, and cwin.
Install tcptrace in ubuntu
sudo aptitude install tcptrace
24) netdude – NETwork DUmp data Displayer and Editor for tcpdump trace files
It is a GUI-based tool that allows you to make detailed changes to packets in tcpdump trace files, in particular, it can currently do the following:
* Set the value of any field in IP, TCP and UDP packet headers.
* Copy, move and delete packets in the trace file.
* Fragment and reassemble IP packets.
* Netdude constantly communicates with a tcpdump process to update
the familiar tcpdump output that corresponds to the trace. This
also means that any changes made to your local version of tcpdump
are reflected in Netdude.
* Plugin architecture: people can easily add plugins for specific
tasks. The code comes with a plugin for checksum correction in IP,
TCP and UDP, and a dummy plugin.
* Through the plugin mechanism, Netdude provides a good facility for
writing tcpdump trace file filters.
Install netdude in ubuntu
sudo aptitude install netdude
25) tcpreplay – Tool to replay saved tcpdump files at arbitrary speeds
Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn’t exercise the application/protocol inspection that a NIDS performs, and doesn’t reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.
Install tcpreplay in ubuntu
sudo aptitude install tcpreplay
26) Dsniff – Various tools to sniff network traffic for cleartext insecurities
This package contains several tools to listen to and create network traffic:
* arpspoof – Send out unrequested (and possibly forged) arp replies.
* dnsspoof – forge replies to arbitrary DNS address / pointer queries
on the Local Area Network.
* dsniff – password sniffer for several protocols.
* filesnarf – saves selected files sniffed from NFS traffic.
* macof – flood the local network with random MAC addresses.
* mailsnarf – sniffs mail on the LAN and stores it in mbox format.
* msgsnarf – record selected messages from different Instant Messengers.
* sshmitm – SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
* sshow – SSH traffic analyser.
* tcpkill – kills specified in-progress TCP connections.
* tcpnice – slow down specified TCP connections via “active”
* urlsnarf – output selected URLs sniffed from HTTP traffic in CLF.
* webmitm – HTTP / HTTPS monkey-in-the-middle. transparently proxies.
* webspy – sends URLs sniffed from a client to your local browser
(requires libx11-6 installed).
Install dsniff ubuntu
sudo aptitude install dsniff
27) scapy – Packet generator/sniffer and network scanner/discovery
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc. It can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, ….
In scapy you define a set of packets, then it sends them, receives answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage over tools like nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet.
Install scapy in ubuntu
sudo aptitude install scapy
28) Ntop – display network usage in top-like format
ntop is a Network Top program. It displays a summary of network usage by machines on your network in a format reminiscent of the unix top utility.It can also be run in web mode, which allows the display to be browsed with a web browser.
Install ntop in ubuntu
sudo aptitude install ntop
29) NBTscan – A program for scanning networks for NetBIOS name information
NBTscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address (such as Ethernet).
Install nbtscan in ubuntu
sudo aptitude install nbtscan
30) tripwire – file and directory integrity checker
Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
Install tripwire ubuntu
sudo aptitude install tripwire