Network tools

From Helpful
Jump to: navigation, search

For other network related things, see:

Also:

This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)

Low-level tools

Download tools

You probably already know wget or curl. In that context, lftp is also interesting.

  • wget is a HTTP and FTP downloader, with some neat features geared towards those protocols
  • curl is like wget, with a different feature set and supporting some more protocols
  • lftp is a useful (mass) downloading tool that does HTTP, FTP, SFTP, and others

See also this comparison table

Watching traffic

Summaries

  • Many of the things that show connections (see below) also show the summary
  • slurm
  • nload

Watching connections

Top-like:

  • iptraf
  • iptstate (connections)
  • iftop (connections, speeds) - graphical feedback of speeds
  • tcptrack (connections, speeds)
  • jnettop (connections, speeds)
  • nethogs (speeds per program)
  • ibmonitor (speed per interface)
  • bmon (speed per interface, and also shows traffic shaping aggregates)
  • iptraf (fancier: connections, speeds, a number of specific statistics)
  • EtherApe graphically shows speeds between various hosts, and some protocol summary

(try an image search to get an idea of what they do)

Traffic inspectors

  • tcpdump takes packets from the network stack, and (with default options) gives you a short description. Also allows you to filter, write packets to the tcpdump file format (various utilities can read this). See also tcpdump notes.
  • Wireshark (previousy ethereal; which still exists but isn't being developed anymore) is similar but has a GUI, some more filter options (a different filter system), and more advanced packet decoding.
  • ssldump lets you notice SSL traffic (and decrypt it, given the right keys)


Content-geared, passive:

  • ngrep greps packets for contents. Can e.g. be used as a content-aware tcpdump alternative, in a pipe, or to filter tcpdump files after the fact.
  • driftnet picks out images from HTTP transfers and either saves them or displays them in X.
  • chaosreader interprets packet log files and snoops out files, emails, etc. from the common protocols that carry them (HTTP, FTP, SMTP)
  • dsniff is like chaosreader, but a little lower-level.

See also Wireless notes.

Reports and statistics

This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)

System/traffic reports

  • darkstat (standalone: snoops off interface, reports via embedded web server and simple graphs)
  • ntop does traffic analyses and rrd-style graphs (host-focused)

See also this list

Availability/health monitoring


Log analysis

(See also Web log analysis notes)


(Local) topology

This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)


Lower level tools

This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)

(relatively lower, or very-specific-purpose)

Utilities

  • traceroute [1]
  • lft ('layer four traceroute') [2]
  • bing
  • dnstracer

netcat and similar

  • netcat [6]
  • nc (on BSD systems. On other systems, nc may be a symlink to mc, the midnight commander)

Variations on netcat include:

  • cryptcat (like netcat, but with transport encryption)
  • socat (lower level) [7]
  • emcast (sort of a multicast netcat)
  • sbd [8] (sometimes noted to be a trojan, mostly because it allows remote execution)
  • pnetcat - python implementation of netcat [9]
  • netcat.pl - perl implementation of various netcat functionality



Uses of netcat include talking to your web server: 

# the -e is there so that \n gets interpreted as a newline
echo -e 'GET / HTTP/1.0\n' | netcat localhost 80


The utility can also create a listening (-l) TCP server (default) or UDP server (-u option) on a port, say 1111 (-p 1111): 

netcat -l -p 1111
netcat -l -u -p 1111

These will echo what they get. Since this uses stdin/stdout, this can be used for simple network pipes.

netcat servers can be useful to see whether connections are getting through, and see what's happening on them (try a lot of verbosity through -vv), which can be useful e.g. in protocol testing and testing whether your firewall is being overly protective.


You can do some basic port scanning, for example with a one-second timeout after connect, port 10-500) 

netcat -v -w 1 localhost -z 10-500



socat lets you access streams (stdin, stdout, stderr, named pipes), files, IO to executed subprocesses, pseudoterminals, networking using sockets, at link level, network level (IP), transport level (TCP, UDP), TCP/IP via a proxy, connections through SSL tunnels, and such. (see the man page)

See also the examples in the man page for an idea of what you can do.

Packet creation

Speed limit/stress testing



IP-to-location lookup

hostip

http://www.hostip.info/

Looks interesting and detailed, though it seems that you'll have to your own indexing.

Maxmind GeoIP

Has decent-resolution free (requires attribution) data sets, GeoLite:

There are better-resolution versions for pay.

Caching options:

  • None: GEOIP_STANDARD: reads everything from disk
  • Index only: GEOIP_INDEX_CACHE: index stored in memory, record read form disk: faster than standard, less memory usage than full. Often the smart choice for the more detailed datasets (like city)
  • Full: GEOIP_MEMORY_CACHE: Everything is loaded once and ket in memory and GEOIP_CHECK_CACHE same, but check the filesystem whether the db has changed and reload if so

IP2Location

http://www.ip2location.com/

Seems annoyingly paid-for.

Retrieved from "https://helpful.knobs-dials.com/index.php?title=Network_tools&oldid=58062"