BooBoo1025
 asked on

Knowing any FREE Linux security network monitoring and testing tools?

Hi Guys,
   I am working on a project and looking for tools to monitor and test the network setting and configurating. I am trying to hit and break the system as much as I can. If you guys expert out there know any tools or links to the tools can send to me, I really appreciated.

Thanks,
BBB
Linux Networking

Last Comment
wesly_chen

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
jlevie

wesly_chen

Hi,

   Here is a list of network security tools:
http://www.insecure.org/tools.html

   I also recommend
Ethereal - network protocol analyzer, comes with a lot of Linux distribution:
http://www.ethereal.com/

TCPDump - very famous text-based network packet analyzer, similar to Ethereal, almost all the Linux include it:
http://www.tcpdump.org/
Windows version:
http://windump.polito.it/

Regards,

Wesly
BooBoo1025

ASKER
Hi Wesly,
    I am looking at the tcpdump now. Do you know what option can give me the actual data that packets captured? Thanks.
dfk

ntop is good....just don't leave it running for months on end as it's likely to have some negative impact on your system. It's _very_ useful for getting snapshots of what is happening at specific times.

http://www.ntop.org/

Mark
dfk

To answer your tcpdump question, firstly I'd suggest that you look at the man pages as the options are numerous (man tcpdump).

However, to get you started,

tcpdump -i eth0 -q

will give you some very quick information on current packets. You can use the verbose options if you need more information than what the quick (-q) option gives you.

Example
======
[root@ns02 root]# tcpdump -i eth0 -q
tcpdump: listening on eth0
11:10:20.022180 ns0.http > 150.254.181.184.5527: tcp 1360 (DF)
11:10:20.023340 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:20.066180 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:20.066578 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:20.066268 150.254.181.184.35178 > ns0.http: tcp 0 (DF)
11:10:20.142607 150.254.181.184.31555 > ns0.http: tcp 0 (DF)
11:10:20.242163 ns0.http > 150.254.181.184.31555: tcp 1360 (DF)
11:10:20.243309 ns0.http > 150.254.181.184.52459: tcp 1360 (DF)
11:10:20.244085 150.254.181.184.5527 > ns0.http: tcp 0 (DF)
11:10:20.313452 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:20.313689 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:20.342923 150.254.181.184.35178 > ns0.http: tcp 0 (DF)
11:10:20.462155 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:20.463329 ns0.http > 150.254.181.184.31555: tcp 1360 (DF)
11:10:20.542964 150.254.181.184.31555 > ns0.http: tcp 0 (DF)
11:10:20.545186 150.254.181.184.52459 > ns0.http: tcp 0 (DF)
11:10:20.682140 ns0.http > 150.254.181.184.5527: tcp 1360 (DF)
11:10:20.683324 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:20.759709 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:20.760065 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:20.759796 150.254.181.184.35178 > ns0.http: tcp 0 (DF)
11:10:20.759883 150.254.181.184.31555 > ns0.http: tcp 0 (DF)
11:10:20.902153 ns0.http > 150.254.181.184.31555: tcp 1360 (DF)
11:10:20.903325 ns0.http > 150.254.181.184.52459: tcp 1360 (DF)
11:10:20.943349 150.254.181.184.5527 > ns0.http: tcp 0 (DF)
11:10:20.944814 150.254.181.184.35178 > ns0.http: tcp 0 (DF)
11:10:20.979607 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:20.979793 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:21.050060 150.254.181.184.52459 > ns0.http: tcp 0 (DF)
11:10:21.122154 ns0.http > 150.254.181.184.5527: tcp 1360 (DF)
11:10:21.123330 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:21.131882 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:21.132060 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:21.132713 fw-ext.35592 > 66.102.11.99.http: tcp 0 (DF)
11:10:21.144385 150.254.181.184.31555 > ns0.http: tcp 0 (DF)
11:10:21.244162 66.102.11.99.http > fw-ext.35592: tcp 0
11:10:21.244480 fw-ext.35592 > 66.102.11.99.http: tcp 0 (DF)
11:10:21.341074 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:21.341257 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:21.342340 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:21.343449 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:21.346638 150.254.181.184.5527 > ns0.http: tcp 0 (DF)
11:10:21.410298 198.149.178.6.isakmp > spamcatch.dfk-systems.com.isakmp: udp 152
11:10:21.415791 fw-ext.58754 > recovery.domain: udp 55 (DF)
11:10:21.443996 150.254.181.184.35178 > ns0.http: tcp 0 (DF)
11:10:21.446912 150.254.181.184.35178 > ns0.http: tcp 0 (DF)
11:10:21.491292 150.254.181.184.35178 > ns0.http: tcp 0 (DF)
11:10:21.525327 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:21.525556 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:21.562155 ns0.http > 150.254.181.184.31555: tcp 1360 (DF)
11:10:21.563297 ns0.http > 150.254.181.184.52459: tcp 1360 (DF)
11:10:21.590765 recovery.domain > fw-ext.58754: udp 113 (DF)
11:10:21.709858 150.254.181.184.52459 > ns0.http: tcp 0 (DF)
11:10:21.771511 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:21.771760 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:21.782143 ns0.http > 150.254.181.184.5527: tcp 1360 (DF)
11:10:21.783291 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:21.845110 150.254.181.184.31555 > ns0.http: tcp 0 (DF)
11:10:22.002148 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:22.003294 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:22.044699 150.254.181.184.5527 > ns0.http: tcp 0 (DF)
11:10:22.046128 150.254.181.184.35178 > ns0.http: tcp 0 (DF)
11:10:22.103596 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:22.103782 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:22.106726 150.254.181.184.35178 > ns0.http: tcp 0 (DF)
11:10:22.150577 150.254.181.184.35178 > ns0.http: tcp 0 (DF)
11:10:22.196274 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:22.196454 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:22.222139 ns0.http > 150.254.181.184.31555: tcp 1360 (DF)
11:10:22.223286 ns0.http > 150.254.181.184.52459: tcp 1360 (DF)
11:10:22.370166 150.254.181.184.52459 > ns0.http: tcp 0 (DF)
11:10:22.442140 ns0.http > 150.254.181.184.5527: tcp 1360 (DF)
11:10:22.443286 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:22.445424 150.254.181.184.31555 > ns0.http: tcp 0 (DF)
11:10:22.541675 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:22.541863 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:22.662142 ns0.http > 150.254.181.184.35178: tcp 1360 (DF)
11:10:22.663306 ns0.http > 150.254.181.184.31555: tcp 1360 (DF)

80 packets received by filter
0 packets dropped by kernel

Hit ctrl-c to stop it.....

Rgds
Mark
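A small parser for the quick-format lines in the example above, added here as an illustration and not part of dfk's post: it turns each `tcpdump -q` line into a record and totals packets and payload bytes per host pair, so a capture can be skimmed for unexpected peers or protocols. The sample lines are copied from the output above; the regex, the record layout and the summary function are my own assumptions about the format, not tcpdump's own code.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Matches the one-line-per-packet format that tcpdump -q prints, e.g.
#   11:10:20.022180 ns0.http > 150.254.181.184.5527: tcp 1360 (DF)
# The trailing "(DF)" (don't-fragment flag) is optional.
QUICK_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+"
    r"(?P<proto>tcp|udp)\s+(?P<length>\d+)(?:\s+\((?P<flags>[^)]*)\))?\s*$"
)


@dataclass(frozen=True)
class Packet:
    ts: str
    src_host: str
    src_port: str
    dst_host: str
    dst_port: str
    proto: str
    length: int
    df: bool


def split_endpoint(endpoint):
    # tcpdump appends the port (number or service name) after the last dot:
    # "150.254.181.184.5527" -> ("150.254.181.184", "5527")
    # "rm41.thdo.bbc.co.uk.http" -> ("rm41.thdo.bbc.co.uk", "http")
    host, _, port = endpoint.rpartition(".")
    return host, port


def parse_line(line):
    """Return a Packet for a quick-format line, or None for any other output line."""
    m = QUICK_RE.match(line.strip())
    if not m:
        return None
    src_host, src_port = split_endpoint(m["src"])
    dst_host, dst_port = split_endpoint(m["dst"])
    return Packet(m["ts"], src_host, src_port, dst_host, dst_port,
                  m["proto"], int(m["length"]), m["flags"] == "DF")


def summarize(lines):
    """Return ({(src_host, dst_host, proto): (packets, bytes)}, {src_host: set(dst_ports)})."""
    flows = defaultdict(lambda: [0, 0])
    ports = defaultdict(set)
    for line in lines:
        p = parse_line(line)
        if p is None:  # banner and trailer lines such as "80 packets received by filter"
            continue
        flows[(p.src_host, p.dst_host, p.proto)][0] += 1
        flows[(p.src_host, p.dst_host, p.proto)][1] += p.length
        ports[p.src_host].add(p.dst_port)
    return {k: tuple(v) for k, v in flows.items()}, dict(ports)


# Constructed sample: a handful of lines copied from the capture shown above.
SAMPLE = """\
tcpdump: listening on eth0
11:10:20.022180 ns0.http > 150.254.181.184.5527: tcp 1360 (DF)
11:10:20.066180 rm41.thdo.bbc.co.uk.http > fw-ext.34268: tcp 1348 (DF)
11:10:20.066578 fw-ext.34268 > rm41.thdo.bbc.co.uk.http: tcp 0 (DF)
11:10:21.244162 66.102.11.99.http > fw-ext.35592: tcp 0
11:10:21.410298 198.149.178.6.isakmp > spamcatch.dfk-systems.com.isakmp: udp 152
11:10:21.415791 fw-ext.58754 > recovery.domain: udp 55 (DF)
80 packets received by filter
""".splitlines()

if __name__ == "__main__":
    flows, _ = summarize(SAMPLE)
    for (src, dst, proto), (n, b) in sorted(flows.items()):
        print(f"{src:>28} -> {dst:<28} {proto} {n:3d} pkts {b:6d} bytes")
```

Pipe a live capture through it with `tcpdump -i eth0 -q -l | python3 script.py` (after swapping SAMPLE for `sys.stdin`) to get a running per-peer summary rather than one line per packet.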
wesly_chen

> what option can give me the actual data that packets capured?
If the data is encrypted, then you can not see the data in packets.
I used "snoop" command in Solaris to capture the data on telnet session.
http://www.ussg.iu.edu/usail/man/solaris/snoop.1.html

Wesly
BooBoo1025

ASKER
Do you know any other tools that can help me monitoring in real time? thanks.
wesly_chen

> monitoring in real time
Snort-The Open Source Network Intrusion Detection System
http://www.snort.org/

Wesly