A.4. Sources for Tools
This section gives basic information on
each tool discussed in this book. I have not included built-in tools
like
ps. The tools are listed alphabetically. I
have tried to make a note of which tools are specific to Windows, but
I did not list Windows tools separately, since many tools are
available for both Unix and Windows.
A few tools discussed in the book, particularly older tools, seem to
have no real home but may be available in some archives. This is
generally an indication that the tool is fading into oblivion and
should be used as a last alternative. (Some of these tools, however,
are alive and well as Linux packages or FreeBSD ports.) While I was
writing this book, a number of home pages for tools changed. Also,
several of the sites seem to be down more than they are up. I have
supplied the most recent information I have, but many of the tools
will have moved.
TIP:
These URLs are nothing more than starting points. If you can't
find the tool at the URL given here, consider doing an Internet
search. In fact, I really recommend doing your own search over using
this list. I find that I have the most luck with searches if I do a
compound search with the tool's name and the author's
last name.
WARNING:
That one version of a tool is safe, stable, and useful doesn't
mean the next version won't have severe problems. New programs
are introduced on an almost daily basis. So keep your eyes open.
- Analyzer -- Piero Viano
-
This is a protocol analyzer for Windows. (Directions are available
only in Italian.) http://netgroup-serv.polito.it/analyzer/
- argus -- Carter Bullard
-
This is a generic IP network transaction auditing tool. ftp://ftp.sei.cmu.edu/pub/argus-1.5
- arping -- [email protected]
-
This ping-like program uses ARP requests to
check reachability. http://synscan.nss.nu/programs.php
- arpwatch -- Lawrence Berkeley National Laboratory
-
This tool watches for new or changed MAC addresses. ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
- AWACS -- Georg Greve
-
This is log management software currently under development.
http://www.gnu.org/software/awacs/awacs.html
- bb -- BB4 Technologies, Inc.
-
This is web-based monitoring software. http://www.bb4.com/
- bind -- University of California at Berkeley and the Internet Software Consortium
-
This is the Berkeley Internet Name Daemon, i.e., domain name server
software. It includes a number of testing tools. http://www.isc.org/products/BIND/
- bing -- Pierre Beyssac
-
This tool measures point-to-point bandwidth. http://www.freenix.fr/freenix/logiciels/bing.html
- bluebird -- Shane O'Donnell et al.
-
This is a general network management applications framework.
http://www.opennms.org/
- bprobe and cprobe
-
These tools measure the bandwidth at the slowest link on a path.
ftp://cs-www.bu.edu/carter/probes.tar.Z
- cheops -- Mark Spencer
-
This is a Linux-based network management platform. http://www.marko.net/cheops/
- Chesapeake port scanner -- Mentor Technologies
-
This is a simple port scanner for Windows. http://www.mentortech.com/learn/tools/pscan.shtml
- clink -- Allen Downey
-
This is another pathchar variant, a tool for
measuring the bandwidth of links on a path. http://www.cs.colby.edu/~downey/clink/
- CMU SNMP -- Carnegie Mellon University
-
This set of SNMP tools has largely been superseded by NET SNMP. They
are still commonly available for Linux. http://www.gaertner.de/snmp/
- cpm -- CERT at Carnegie Mellon University
-
This tool checks to see if any interfaces are in promiscuous mode.
ftp://info.cert.org/pub/tools/cpm.tar.Z
- cricket -- Jeff Allen
-
This tool queries devices, collecting information over time,
typically router traffic, and graphs the collected information.
http://cricket.sourceforge.net/
- cyberkit -- Luc Neijens
-
This multipurpose Windows-based tool includes
ping, traceroute, scanning,
and SNMP. It is postcardware. http://www.cyberkit.net
- dig
-
Part of the bind distribution. This tool
retrieves domain name information from a server.
- dnsquery
-
Part of the bind distribution. This tool
retrieves domain name information from a server.
- dnsutl -- Peter Miller
-
This is a tool to simplify DNS configuration. http://www.pcug.org.au/~millerp/dnsutl/dnsutl.html
- dnswalk -- David Barr
-
This tool retrieves and analyzes domain name information from a
server. http://www.cis.ohio-state.edu/~barr/dnswalk/
- doc -- Steve Hotz, Paul Mockapetris, and Brad Knowles
-
This tool retrieves and analyzes domain name information from a
server.
- dsniff -- Dug Song
-
This is a set of utilities that can be used to test or breach the
security on your system. http://naughty.monkey.org/~dugsong/dsniff/
- echoping -- Stéphane Bortzmeyer
-
This is an alternative to ping that uses
protocols other than ICMP. ftp://ftp.internatif.org/pub/unix/echoping/
- egressor -- Mitre
-
This tool set verifies that your router will not forward packets with
spoofed addresses. http://www.packetfactory.net/Projects/Egressor/
- ethereal -- Gerald Combs et al.
-
This is a protocol analyzer that runs under X Window and Windows. It
requires GTK+, which in turn requires GLIB. http://www.ethereal.com
- fping -- Roland J. Schemers
-
This is a ping variant that can check multiple
systems in parallel. http://www.fping.com
- fressh -- FreSSH Organization
-
This is another alternative to ssh. http://www.fressh.org/
- getif -- Philippe Simonet
-
This is a multipurpose Windows tool that uses SNMP. http://www.wtcs.org/snmp4tpc/testing.htm
- gimp
-
This is an image manipulation program. It is also available for
Windows. http://www.gimp.org/
- GTK+ -- Peter Mattis, Spencer Kimball, and Josh MacDonald
-
This is a GUI development toolkit. Its libraries may be needed by
other tools. http://www.gtk.org/
- gtkportscan -- Rafael Barrero
-
This is a port scanner that is written in GTK+.
The last reported site was http://armageddon.splorg.org/gtkportscan/.
- GxSNMP
-
This is a network management applications framework. http://www.gxsnmp.org/
- h2n
-
This Perl tool translates a host table to name server file format.
ftp://ftp.uu.net/published/oreilly/nutshell/dnsbind/dns.tar.Z
- host
-
Part of the bind distribution. This tool
retrieves domain name information from a server.
- hping
-
Salvatore Sanfilippo. This tool sends custom packets and displays
responses. http://www.kyuzz.org/antirez/software.html
- iperf -- Mark Gates and Alex Warshavsky
-
This is a tool for measuring TCP and UDP bandwidth. http://dast.nlanr.net/Projects/Iperf/
- ipfilter -- Darren Reed
-
This is a set of programs to filter TCP/IP packets. It includes
ipsend, a tool to send custom packets.
http://coombs.anu.edu.au/~avalon/ip-filter.html
- ipload -- BTT Software
-
This is a load generator for Windows. http://www.bttsoftware.co.uk/ipload.html
- ipsend -- Darren Reed
-
This tool is part of the ipfilter package.
http://coombs.anu.edu.au/~avalon/ip-filter.html
- lamers -- Bryan Beecher
-
This tool checks for lame delegations in a DNS database. Its current
official location is unknown. The last reported official site:
ftp://terminator.cc.umich.edu/dns/lame-delegations.
I found links to copies at http://www.dns.net/dnsrd/tools.html.
- logcheck -- Craig Rowland
-
This log management tool is suitable for use with
syslog files. http://www.psionic.com/abacus/logcheck/
- lsof -- Victor Abell
-
This tool lists open files on a Unix system. ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
- MGEN -- Brian Adamson and Naval Research Laboratory
-
This tool set generates and receives traffic. It is used primarily
for load testing. http://manimac.itd.nrl.navy.mil/MGEN/
- mon -- Jim Trocki
-
This is a general purpose resource-monitoring system for host and
service availability. http://www.kernel.org/software/mon/
- mrtg -- Tobias Oetiker and Dave Rand
-
This tool queries devices, collects information over time (typically
router traffic) and graphs collected information. http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/
- mssh -- Metro State College of Denver
-
This is a version of ssh for Windows.
http://cs.mscd.edu/MSSH/index.html
- msyslog -- Core SDI
-
This is modular syslog, a replacement for
secure syslog. http://www.core-sdi.com/english/freesoft.html
- nam -- Steven McCanne and VINT
-
This is a Tcl/Tk-based network visualization and
animation tool. http://www.isi.edu/nsnam/nam/
- nemesis -- [email protected]
-
This tool generates a wide variety of custom IP packets. http://www.packetninja.net/nemesis/
- nessus -- Jordan Hrycij and Renaud Deraison
-
This is a security scanning and auditing tool. http://www.nessus.org/
- NET SNMP -- Wes Hardaker
-
This is an updated version of CMU SNMP. It is postcardware.
http://net-snmp.sourceforge.net/
- netcat -- [email protected]
-
This simple utility reads and writes data across network connections.
It is available for both Unix and Windows. http://www.l0pht.com/~weld/netcat/
- netmon
-
Supplied with Microsoft NT Server. This is network-monitoring
software. A basic, stripped-down version of the netmon.exe program is
supplied with Microsoft NT Server. The full version is part of
Microsoft's System Management Server.
- netperf -- Hewlett-Packard
-
This is network benchmarking and performance measurement software.
http://www.netperf.org/netperf/NetperfPage.html
- nfswatch -- Dave Curry and Jeff Mogul
-
This is a tool for watching NFS traffic. The last known site was
ftp://ftp.cerias/purdue.edu/pub/tools/unix/netutils/nfswatch/.
- nhfsstone -- Legato Systems
-
This is a tool for benchmarking NFS traffic. Current availability is
unknown, but it was originally from http://www.legato.com.
- NIST Net -- National Institute of Standards and Technology
-
This is a network emulation package that runs on Linux. http://is2.antd.nist.gov/itg/nistnet/
- nmap -- [email protected]
-
This is a general scanning and probing tool with lots of
functionality including OS fingerprinting. http://www.insecure.org/nmap
- nocol -- Netplex Technologies, Inc.
-
This is system- and network-monitoring software. http://www.netplex-tech.com/software/nocol/
- ns -- Steven McCanne, Sally Floyd, and VINT
-
This is a network simulator for protocol performance and scaling.
http://www.isi.edu/nsnam/ns/
- nslookup
-
Part of the bind distribution. This tool
retrieves domain name information from a server.
- ntop -- Luca Deri
-
This is a versatile tool for monitoring network usage. http://www.ntop.org/ntop.html
- ntpd -- David Mills
-
This is a collection of tools to set and coordinate system clocks
using NTP. http://www.eecis.udel.edu/~ntp/
- openssh
-
This is another version of ssh. http://www.openssh.com/
- p0f -- Michal Zalewski
-
This is a passive stack fingerprinting system.
http://lcamtuf.hack.pl/p0f-1.7.tgz
- pathchar -- Van Jacobson
-
This program measures the bandwidth of the links along a network
path. ftp://ftp.ee.lbl.gov/ or
http://ee.lbl.gov/
- pchar -- Bruce Mah
-
This tool is a reimplementation of pathchar.
http://www.employees.org/~bmah/Software/pchar/
- portscan -- Tennessee Carmel-Veilleux
-
This is a simple port scanner. http://www.ameth.org/~veilleux/portscan.html
- putty -- Simon Tatham
-
This is a Windows implementation of ssh.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
- Qcheck -- Ganymede
-
This is a Windows network benchmarking tool. http://www.qcheck.net
- queso -- [email protected]
-
This is an OS fingerprinting tool. http://savage.apostols.org/projects.html
- ripquery
-
Part of the gated distribution. This tool
retrieves the routing table from a system running RIP. http://www.gated.org/
- rrd -- Tobias Oetiker
-
This is a round-robin database system useful for collecting and
archiving data over time. http://ee-staff.ethz.ch/~oetiker/webtools/rrdtool/
- rtquery
-
Part of the routed distribution. This is a tool
for retrieving the routing table from a system running RIP.
- samspade -- Steve Atkins
-
This is a multipurpose Windows tool with a wide range of features.
http://samspade.org/ssw/
- Sanitize -- Vern Paxson
-
This is a set of Bourne scripts that use the standard Unix utilities
sed and awk. It is used to
clean up tcpdump traces to ensure privacy.
http://ita.ee.lbl.gov/html/contrib/sanitize.html
- scion -- Merit Networks, Inc.
-
This is network statistics collection and reporting software (also
called NetSCARF.) It is also available for
Windows. http://www.merit.edu/internet/net-research/netscarf/
- scotty -- Jürgen Schönwälder
-
This provides network management extension to the
Tcl/Tk language. http://wwwhome.cs.utwente.nl/~schoenw/scotty/
- SFS -- SPEC
-
This is a commercial (but nonprofit) NFS benchmark. http://www.spec.org
- siphon -- Subterrain Security Group
-
This is a passive OS fingerprinter. The last known site was
http://www.subterrain.net/projects/siphon/.
- sl4nt -- Franz Krainer
-
This is a Windows replacement for syslogd.
http://www.netal.com/SL4NT03.htm
- SNMP for Perl 5 -- Simon Leinen
-
This is a package of Perl 5 modules providing SNMP support.
http://www.switch.ch/misc/leinen/snmp/perl/
- sock -- W. Richard Stevens
-
This is a tool for generating traffic. It is a companion tool for
Steven's book, TCP/IP Illustrated, vol.
1, The Protocols. ftp://ftp.uu.net/published/books/stevens.tcpipiv1.tar.Z
- socket -- Juergen Nickelsen
-
This program creates a TCP socket connected to
stdin and stdout.
http://home.snafu.de/jn/socket/
- spidermap -- H. D. Moore
-
This is a set of Perl scripts for network scanning. http://www.secureaustin.com
- spray
-
This tool sends a burst of packets for load testing typically
included with many systems.
- ssh -- Tatu Ylönen
-
This is a secure replacement for r-services. http://www.ssh.com/
- ssyslog -- Core SDI
-
This is a secure replacement for syslog. It has
been replaced by modular syslog. http://www.core-sdi.com/english/freesoft.html
- strobe -- Julian Assange
-
This program locates all listening TCP ports on a remote machine. The
last known official site was ftp://suburbia.net/pub/strobe.tgz.
- swatch -- Todd Atkins
-
This log management tool is suitable for use with
syslog files. http://www.stanford.edu/~atkins/swatch/
- syslog-ng -- BalaBit IT Ltd.
-
This is an enhanced syslog that features
filtering and sorting logs to different destinations. http://www.balabit.hu/en/products/syslog-ng/
- Tcl/Tk -- John Ousterhout
-
This is a general scripting language that has been extended to
support many network management tasks. http://dev.scriptics.com
- tcpdpriv -- Greg Minshall
-
This program sanitizes tcpdump trace files.
http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html
- tcpdump -- Van Jacobson, Craig Leres, and Steven McCanne
-
This is command-line-based packet capture program. http://ee.lbl.gov/, http://www.tcpdump.org, or ftp://ftp.ee.lbl.gov/tcpdump.tar.Z
- tcpflow -- Jeremy Elson
-
This is a capture program that separates traffic into individual
flows. http://www.circlemud.org/~jelson/software/tcpflow
- tcp-reduce -- Vern Paxson
-
The program tcp-reduce and its companion program
tcp-summary are Bourne shell scripts used to
selectively extract information from tcpdump
trace files. http://ita.ee.lbl.gov/html/contrib/tcp-reduce.html
- tcpshow -- Mike Ryan
-
This program reads and decodes tcpdump files.
The official home for this is unknown, but it is available in several
archives such as http://www.cerias.purdue.edu/coast/archive/.
- tcpslice -- Vern Paxson
-
This tool is used to create subsets of tcpdump
trace files. ftp://ftp.ee.lbl.gov/tcpslice.tar.Z or
http://www.tcpdump.org/related.html
- tcp-summary -- Vern Paxson
-
The program tcp-reduce and its companion program
tcp-reduce are Bourne shell scripts used to
selectively extract information from tcpdump
trace files. http://ita.ee.lbl.gov/html/contrib/tcp-reduce.html
- tcptrace -- Shawn Ostermann
-
This is a tcpdump trace analysis program.
http://www.tcptrace.org
- tcpwrappers -- Wietse Venema
-
This daemon sits between user and services to log and manage
connections. ftp://ftp.porcupine.org/pub/security/index.html
- teraterm -- T. Teranishi
-
This is a Windows telnet client that can be extended to support SSH.
(See also TTSSH.) http://hp.vector.co.jp/authors/VA002416/teraterm.html
- tjping -- Top Jimmy
-
This is a ping and
traceroute program for Windows. http://www.topjimmy.net/tjs/
- tkined -- Jürgen Schönwälder
-
This provides a network management program based on
scotty and Tcl/Tk.
http://wwwhome.cs.utwente.nl/~schoenw/scotty/
- tmetric -- Michael Bacarella
-
This tool finds available bandwidth. http://netgraft.com/downloads/tmetric/
- top -- William LeFebvre
-
This displays the most active processes on a system. http://www.groupsys.com/top/about.html
- traceroute -- Van Jacobson
-
This reconstructs the route taken by packets over a network. It is
probably supplied with your system. ftp://ftp.ee.lbl.gov/ or http://ee.lbl.gov/
- trafshow -- Vladimir Vorobyev
-
This full screen traffic capture program gives a continuous update on
network traffic. Its last reported site was http://www.rinetsoft.nsk.su/trafshow/index_en.html.
- trayping -- Mike Gleason
-
This is a Windows tool that monitors connectivity using
ping. http://www.ncftpd.com/winstuff/trayping/
- treno -- Matt Mathis
-
This is a tool to measure the bulk transfer capacity. ftp://ftp.psc.edu/pub/net_tools/
- tripwire -- Eugene Spafford and Gene Kim
-
This is a system integrity checker. http://www.tripwire.com or http://www.tripwire.org
- ttcp -- Mike Muuss
-
This is a load testing program for TCP. ftp://ftp.arl.mil/pub/ttcp/ttcp.c
- TTSSH
-
This is a set of SSH extensions for Windows telnet program,
teraterm. http://www.zip.com.au/~roca/ttssh.html
- vnc -- AT&T Laboratories, Cambridge
-
This tool displays X Window and Windows desktops on remote systems.
http://www.uk.research.att.com/vnc/
- WinDump and WinDump95 -- Loris Degioanni, Piero Viano, and Fulvio Risso
-
These are ports of tcpdump to Windows NT and
Windows 95/98. http://netgroup-serv.polito.it/windump/
- winping -- Rich Morgan
-
This is another ping utility for Windows.
http://www.cheap-price.com/winping/
- xinetd -- Panos Tsirigotis
-
This is a secure replacement for the inetd
utility. http://www.synack.net/xinetd/
- xlogmaster -- Georg Greve
-
This is Greve's older log management software. You may want to
check on the status of AWACS before using it.
http://www.gnu.org/software/xlogmaster/
- xplot -- David Clark
-
A tool for graphing data in an X Window environment. There are
several programs with this name, so be sure you have the right one.
ftp://mercury.lcs.mit.edu/pub/shep/
- xv -- John Bradley
-
This is a modestly priced shareware program for the interactive
display of images from an X Window system. You should probably try
gimp first. ftp://ftp.cis.upenn.edu/pub/xv
| | |
A.3. Licenses | | B. Resources and References |