Debian Administrators Network Tools
ipfm - a bandwidth analysis tool
IPFM counts how much data was sent and received by specified hosts through an Internet link.
Install ipfm in Debian
#apt-get install ipfm
After installation you will see the message below; you now need to tune the /etc/ipfm.conf configuration file for your setup.
Starting IP Flow Meter: disabled, please tune /etc/ipfm.conf.
For more options and usage details, check the ipfm man page.
ipgrab - Tcpdump-like utility that prints detailed header information
Ipgrab is a network debugging utility not unlike tcpdump except that it prints out detailed header field information for data link, network and transport layers.
Install ipgrab in Debian
#apt-get install ipgrab
This will complete the installation. To run ipgrab, use the following command
#ipgrab
The output looks like this
--------------------------------------------------------------------------
IP Header
--------------------------------------------------------------------------
Version: 4
Header length: 5 (20 bytes)
TOS: 0x00
Total length: 40
Identification: 61408
Fragmentation offset: 0
Unused bit: 0
Don't fragment bit: 1
More fragments bit: 0
Time to live: 125
Protocol: 6 (TCP)
Header checksum: 39480
Source address: 17.2.22.2
Destination address: 17.9.5.13
--------------------------------------------------------------------------
TCP Header
--------------------------------------------------------------------------
Source port: 2319 (unknown)
Destination port: 22 (SSH)
Sequence number: 4203153703
Acknowledgement number: 3693124827
Header length: 5 (20 bytes)
Unused: 0
Flags: A
Window size: 64807
Checksum: 47397
Urgent: 0
**************************************************************************
Ethernet (1153393310.927926)
--------------------------------------------------------------------------
Hardware source: 00:60:83:7c:da:49
Hardware destination: 00:11:43:33:b3:ef
Type / Length: 0x800 (IP)
Media length: 60
--------------------------------------------------------------------------
For more options and usage details, check the ipgrab man page.
ipip - IP over IP Encapsulation Daemon
This daemon provides an alternative to the kernel-resident support for IP encapsulation links. It is better suited for situations where there are many encapsulation connections to be managed, such as is the case for amateur radio interconnection of network 44. Also, because the daemon is outside the kernel, it provides an excellent environment for experimenting with alternate mechanisms for distributing encapsulation routing updates.
If you need one encapsulation link, use the kernel's built-in support. If you need a lot of encapsulation links, give this daemon a try.
Install ipip in Debian
#apt-get install ipip
This will complete the installation with the following message
Starting /usr/sbin/ipip...
No interfaces defined
Now go to the /etc/ipip/ directory and configure the files config and routes for your environment.
ipsc - IP Subnet Calculator for console
The IP Subnet Calculator is a tool that allows network administrators to make calculations that will assist in subnetting a network. You give the network class and subnet bits and you get back the maximum number of subnets, the maximum number of hosts per subnet, a bitmap showing the breakdown of network bits, subnet bits, and host bits, the decimal and hexadecimal class netmask, the decimal and hexadecimal subnet mask, and a list of subnets and host information. It also supports CIDR and can reverse engineer the network information for a particular interface (e.g. eth0, ppp0).
Install ipsc in Debian
#apt-get install ipsc
To use ipsc, follow this syntax
usage: ipsc [options] <addr/mask | addr/offset | addr>
For more options and usage details, check the ipsc man page.
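The arithmetic behind these calculations for a CIDR address, as an added shell example; it is not part of the original page and is not ipsc code or ipsc's output format. The function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: CIDR subnet arithmetic of the kind a subnet calculator performs.
# Function names are hypothetical; this is not ipsc code or ipsc output.

ip_to_int() {                       # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {                       # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_info ADDR/PREFIX  ->  "netmask network broadcast usable_hosts"
subnet_info() {
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) echo "bad prefix: $1" >&2; return 1 ;; esac
    [ "$prefix" -le 32 ] || { echo "bad prefix: $1" >&2; return 1; }
    ip=$(ip_to_int "$addr")
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    net=$(( $ip & $mask ))
    bcast=$(( $net | (~$mask & 0xFFFFFFFF) ))
    if [ "$prefix" -ge 31 ]; then
        hosts=$(( 1 << (32 - $prefix) ))        # /31 point-to-point links and /32 host routes
    else
        hosts=$(( (1 << (32 - $prefix)) - 2 ))  # minus network and broadcast addresses
    fi
    echo "$(int_to_ip "$mask") $(int_to_ip "$net") $(int_to_ip "$bcast") $hosts"
}

# Constructed sample inputs.
subnet_info 192.168.0.1/26
subnet_info 10.0.0.5/31
```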
iptraf - Interactive Colorful IP LAN Monitor
IPTraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others.
Install iptraf in Debian
#apt-get install iptraf
This will complete the installation. Now run the program using the following command
#iptraf
This will display the program's interactive interface; just follow the instructions on the screen to see your network interface statistics.
iputils-tracepath - Tools to trace the network path to a remote host
The tracepath utility is similar to the traceroute utility, but also attempts to discover the MTU of the path.
This package also includes tracepath6 and traceroute6 utilities, which may be used on IPv6 networks.
Install iputils-tracepath in Debian
#apt-get install iputils-tracepath
This will complete the installation. Now run the program with the following command
#tracepath
Usage: tracepath [-n] <destination>[/<port>]
Example
# tracepath6 3ffe:2400:0:109::2
1?: [LOCALHOST] pmtu 1500
1: dust.inr.ac.ru 0.411ms
2: dust.inr.ac.ru asymm 1 0.390ms pmtu 1480
2: 3ffe:2400:0:109::2 463.514ms reached
Resume: pmtu 1480 hops 2 back 2
iputils-arping - Tool to send ICMP echo requests to an ARP address
The arping command acts like the standard ping command except it pings a machine by its ARP address instead of its IP address. It is typically used to locate a machine if its hardware address is known but its IP address is unknown.
Install iputils-arping in Debian
#apt-get install iputils-arping
This will complete the installation. Now run the program with the following command
#arping
Usage: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination
For more options and usage details, check the arping man page.
iputils-ping - Tools to test the reachability of network hosts
The ping command sends ICMP ECHO_REQUEST packets to a host in order to test if the host is reachable via the network.
This package includes a ping6 utility which supports IPv6 network connections.
Install iputils-ping in Debian
#apt-get install iputils-ping
This will complete the installation. Now run the program with the following command
#ping
For more options and usage details, check the ping man page.
jnettop - View hosts/ports taking up the most network traffic
jNettop captures traffic coming across the host it is running on and displays streams sorted by the bandwidth they use. The result is a nice listing of communication on the network by host and port, showing how many bytes went through each transport and the bandwidth it is consuming.
Install jnettop in Debian
#apt-get install jnettop
This will complete the installation. Now run the program with the following command
#jnettop
This will display an interactive view of all the network traffic coming across the host.
knocker - a simple and easy to use TCP security port scanner
Knocker is a new, simple, and easy to use TCP security port scanner written in C, using threads. It is able to analyze hosts and the network services which are running on them.
The URL for this project is http://knocker.sourceforge.net/
Install knocker in Debian
#apt-get install knocker
This will complete the installation. Now run the program with the following command
#knocker -H 192.168.0.1 -SP 1 -EP 1024
The output looks like this
+-----------------------------------------------------------------------------+
|--=| k n o c k e r -- t h e -- n e t -- p o r t s c a n n e r |=-=[ 0.7.1 ]=-|
+-----------------------------------------------------------------------------+
- started by user root on Fri Jul 21 10:16:00 2006
- hostname to scan: 192.168.0.1
- resolved host ip: 192.168.0.1
- - scan from port: 1
- - - scan to port: 1024
- - - - scan type: tcp connect
+=- - - - - - - - - - - - - - - - - - - - - - - - - - - - - s c a n n i n g -
-=[ 21/tcp, ftp ]=- * OPEN *
-=[ 22/tcp, ssh ]=- * OPEN *
-=[ 80/tcp, www ]=- * OPEN *
-=[ 111/tcp, sunrpc ]=- * OPEN *
-=[ 113/tcp, auth ]=- * OPEN *
-=[ 199/tcp, smux ]=- * OPEN *
-=[ 607/tcp, nqs ]=- * OPEN *
+=- - - - - - - - - - - - - - - - - - - - - - - - - - - - c o m p l e t e d -
- scanned host name: 192.168.0.1 IP: 192.168.0.1
- found 7 open ports in a total of 1024 ports scanned.
- port scan completed in 0.10 seconds.
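Scan results like these are most useful when compared with the services a host is supposed to expose. The following shell function is an added example, not part of the original page or of knocker: it reads output in the format shown above and lists every open port that is not on an allowlist. The function names and the allowlist "22 80" are assumptions.

```shell
#!/bin/sh
# Added example: audit knocker output against an allowlist of expected ports.
# Function names are hypothetical; this is not part of knocker.

# unexpected_ports "PORT PORT ..."  (knocker output on stdin)
# Prints "port/proto service" for every OPEN port missing from the allowlist.
unexpected_ports() {
    allow=" $1 "
    # Lines of interest look like:  -=[ 21/tcp, ftp ]=- * OPEN *
    sed -n 's|^-=\[ *\([0-9][0-9]*\)/\([a-z]*\), *\([^ ]*\) *]=- \* OPEN \*.*$|\1 \2 \3|p' |
    while read -r port proto svc; do
        case "$allow" in
            *" $port "*) ;;                                  # expected service
            *) printf '%s/%s %s\n' "$port" "$proto" "$svc" ;; # needs review
        esac
    done
}

# Constructed sample: lines copied from the scan output shown above.
sample_scan() {
cat <<'EOF'
- hostname to scan: 192.168.0.1
- - - - scan type: tcp connect
-=[ 21/tcp, ftp ]=- * OPEN *
-=[ 22/tcp, ssh ]=- * OPEN *
-=[ 80/tcp, www ]=- * OPEN *
-=[ 111/tcp, sunrpc ]=- * OPEN *
-=[ 113/tcp, auth ]=- * OPEN *
-=[ 199/tcp, smux ]=- * OPEN *
-=[ 607/tcp, nqs ]=- * OPEN *
- found 7 open ports in a total of 1024 ports scanned.
EOF
}

# Only SSH and HTTP are expected on this host (assumed policy).
sample_scan | unexpected_ports "22 80"
```

An empty result means the host exposes nothing beyond the allowlist; any line printed is a service to justify or shut down.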
knockd - small port-knock daemon
A port-knock server that listens to all traffic on a given network interface (only Ethernet and PPP are currently supported), looking for special "knock" sequences of port-hits. A remote system makes these port-hits by sending a TCP (or UDP) packet to a port on the server. When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file. This can be used to open up holes in a firewall for quick access.
Install knockd in Debian
#apt-get install knockd
For usage details and examples, check the knockd man page.
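The sequence detection described above, as an added shell example; this is a simplified model and not knockd's own code or log format. The input format (one "SOURCE_IP PORT" pair per line), the port sequence and the addresses are constructed, and timeouts and TCP flag matching are left out.

```shell
#!/bin/sh
# Added example: simplified model of knock-sequence detection (not knockd code).
# Input on stdin: one port-hit per line as "SOURCE_IP PORT" (constructed format).
# Prints each source that completes the sequence; a real daemon would then run
# its configured command for that source.
knock_matches() {       # knock_matches "PORT1 PORT2 ..." < hits
    awk -v seq="$1" '
        BEGIN { n = split(seq, want, " ") }
        {
            src = $1; port = $2
            i = pos[src] + 0                       # steps already matched by this source
            if (port == want[i + 1])  { i++ }      # next expected port: advance
            else if (port == want[1]) { i = 1 }    # sequence restarted from the top
            else                      { i = 0 }    # wrong port: start over
            if (i == n) { print src; i = 0 }       # full sequence seen
            pos[src] = i
        }'
}

# Constructed sample: two sources interleaved, only the first knocks in order.
sample_hits() {
cat <<'EOF'
203.0.113.5 7000
198.51.100.9 7000
203.0.113.5 8000
198.51.100.9 9000
203.0.113.5 9000
198.51.100.9 8000
198.51.100.9 9000
EOF
}

sample_hits | knock_matches "7000 8000 9000"
```

State is kept per source address, so hits from different hosts cannot combine into one valid knock, and a wrong port resets that source's progress.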
labrea - a "sticky" honeypot and IDS
LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time.
Install labrea in Debian
#apt-get install labrea
For usage details and configuration options, check the labrea man page.