dsniff is a collection of tools for network auditing and penetration testing http://www.monkey.org/~dugsong/dsniff/ ------------------------ Echoping is a small program to test (approximatively) performances of a remote host by sending it TCP "echo" (or other protocol, like HTTP) packets. Documentation and downloads are available at: http://echoping.sourceforge.net ------------------------- fping is a tool to quickly ping N number of hosts to determine their reachability. Documentation and downloads are available at: http://www.fping.com ------------------------- Hping est un assembleur/analyseur de paquet TCP/IP orienté ligne de commande Documentation and downloads are available at: http://www.hping.org, http://wiki.hping.org ------------------------- IFStatus was developed for Linux users that are usually in console mode. It is a simple, easy to use program for displaying commonly needed / wanted statistics in real time about ingoing and outgoing traffic of multiple network interfaces that are usually hard to find, with a simple and efficient view. It is a substitute for the PPPStatus and EthStatus projects. Documentation and downloads are available at: http://ifstatus.sourceforge.net ------------------------- iftop does for network usage what top(1) does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question "why is our ADSL link so slow?". Documentation and downloads are available at:http://www.ex-parrot.com/~pdw/iftop -------------------------- ipcalc takes an IP address and netmask and calculates the resulting broadcast, network, Cisco wildcard mask, and host range. By giving a second netmask, you can design subnets and supernets. It is also presents the subnetting results as easy-to-understand binary values. Enter your netmask(s) in CIDR notation (/25) or dotted decimals (255.255.255.0). Inverse netmasks are recognized. If you omit the netmask ipcalc uses the default netmask for the class of your network. Documentation and downloads are available at: http://jodies.de/ipcalc -------------------------- Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, datagram loss. Documentation and downloads are available at: http://dast.nlanr.net/Projects/Iperf -------------------------- Jnettop allows administrators of routers to watch online traffic coming across the network in a fashion similar to the way top displays statistics about processes. It is useful for quickly evaluating the state of the network. Documentation and downloads are available at: http://jnettop.kubs.info --------------------------- LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filter based firewalls. LFT is the all-in-one traceroute tool because it can use many different trace methods and protocols such as ICMP, TCP, and UDP, as well as the RFC-1393 trace. More importantly, LFT implements numerous other features including AS number lookups based on global table prefix (not just the RIR), loose source routing, netblock name lookups, et al. Also inlcudes a nifty whois client named 'whob'. Documentation and downloads are available at: http://pwhois.org/lft/ --------------------------- liboping is a C library for measuring network latency using ICMP echo requests. It can send to and receive packets from multiple hosts in parallel, which is nice for monitoring applications. Both IPv4 and IPv6 are supported transparently for the programmer and user. Documentation and downloads are available at: http://verplant.org/liboping/ --------------------------- Mping is a system for collecting statistics over ping times and ping loss in a TCP/IP network. Documentation and downloads are available at: http://mping.uninett.no/about.en.html --------------------------- mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the machines, it sends a sequence ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine. Documentation and downloads are available at: http://www.bitwizard.nl/mtr/ ---------------------------- Nettop is a program which looks like top, but is for network packets. Documentation and downloads are available at: http://srparish.net/scripts/ --------------------------- Ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. Documentation and downloads are available at: http://ngrep.sourceforge.net/ ---------------------------- p0f is a versatile passive OS fingerprinting and masquerade detection utility, to be used for evidence or information gathering on servers, firewalls, IDSes, and honeypots, for pen-testing, or just for the fun of it. It is a complete rewrite of p0f version 1 that used to be maintained by William Stearns. Home: http://lcamtuf.coredump.cx/p0f.shtml ----------------------------- poink is a TCP/IP-based ping implementation that does not require special privileges and is designed for multiuser shell systems. It is intended to be a secure replacement for the standard IPv4 network monitoring tool. Documentation and downloads are available at: http://lcamtuf.coredump.cx/soft/ ---------------------------- rate is a swiss-army-knife commandline traffic analysis tool, designed to help a network administrator to see what is happening at a router at the moment.Unlike tcpdump(1), rate uses statistical and stream-oriented methods, and will never produce an output stream at a speed beyond human perception. The output is less accurate, however.Rate features four different operating modes, designed to perform the following tasks: estimating overall traffic rates, determining nodes generating the highest traffic, determining connections and flows generating the highest traffic and extracting strings from packets. Documentation and downloads are available at: http://s-tech.elsat.net.pl/bmtools/ ---------------------------- Sendip is command line tool to send arbitrary IP packets. It has a large number of command line options to specify the content of every header of a NTP, BGP, RIP, RIPng, TCP, UDP, ICMP, or raw IPv4 or IPv6 packet. It also allows any data to be added to the packet. ---------------------------- shd-tcp-tools is a set of TCP network tools that supports port forwarding, network load balancing, rate limiting, and running servers behind firewalls. tcp-pf, listentwo, and connecttwo are port forwarding tools. tcppipe is a one-directional TCP pipe that can be used as a substitute for one-directional netcat transfers, but with load balancing and rate control support. tcp-pf can be used to forward a port from one host to another with load balancing and rate control support. network load balancing scheme means using an interface or destination host based on past transfer history. The listentwo and connecttwo tools can be used to run servers inside firewalled networks through third party TCP proxies. WWW: http://zakalwe.virtuaalipalvelin.net/~shd/foss/shd-tcp-tools/ ----------------------------- Sipcalc is an advanced console-based IP subnet calculator. It can take multiple forms of input (IPv4/IPv6/interface/hostname) and output a multitude of information about a given subnet. Documentation and downloads are available at: http://www.routemeister.net/projects/sipcalc ----------------------------- TcpCat is a very lightweight TCP utility. It takes an IP address and a TCP port as argument, connects to it, and gives the result back to stdout. It was written as a lightweight version of netcat. As such, it works like the Unix cat command, but instead of displaying a file it displays the result from a TCP service. Documentation and downloads are available at: http://www.opal.dhs.org/programs/tcpcat/ ----------------------------- tcping.Like pin' but on TCP-level. It connects to a host (+portnumber) and disconnects. It then measures how long this takes giving you an idea of the latency of the tcp-service you're testing. Be aware that the transmission across the network also takes time! Documentation and downloads are available at: http://www.vanheusden.com/Linux/index.php ------------------------------ tcptraceroute is a traceroute implementation using TCP SYN packets, instead of the more traditional UDP or ICMP ECHO packets. In doing so, it is able to trace through many common firewall filters. Home: http://michael.toren.net/code/tcptraceroute/ ------------------------------ tcptrack is a packet sniffer, which passively watches for connections on a specified network interface, tracks their states, and lists them in a manner similar to the Unix 'top' command. It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage. Home: http://www.rhythm.cx/~steve/devel/tcptrack/ ------------------------------ Xprobe2 is a fuzzy remote OS fingerprinting tool. Xprobe2 functionality is heavily based on Xprobe, but also uses other OS fingerprinting techniques and is based on a signature base, which is matched in fuzzy manner. Xprobe2 has been completely rewritten from the scratch in C++. Home: http://xprobe.sourceforge.net/ -------------------------------