Debian Administrators Network Tools

ipfm - a bandwidth analysis tool

IPFM counts how much data was sent and received by specified hosts through an Internet link.

Install ipfm in debian

#apt-get install ipfm

After installation you will see the below message now you need to tune /etc/ipfm.conf config page for your setup

Starting IP Flow Meter: disabled, please tune /etc/ipfm.conf.

If you want more options and how to use ipefm check man page

ipgrab - Tcpdump-like utility that prints detailed header information

Ipgrab is a network debugging utility not unlike tcpdump except that it prints out detailed header field information for data link, network and transport layers.

Install ipgrab in debian

#apt-get install ipgrab

This will complete the installation.If you want to run ipgrab run the following command


Output looks like below

IP Header
Version: 4
Header length: 5 (20 bytes)
TOS: 0x00
Total length: 40
Identification: 61408
Fragmentation offset: 0
Unused bit: 0
Don't fragment bit: 1
More fragments bit: 0
Time to live: 125
Protocol: 6 (TCP)
Header checksum: 39480
Source address:
Destination address:
TCP Header
Source port: 2319 (unknown)
Destination port: 22 (SSH)
Sequence number: 4203153703
Acknowledgement number: 3693124827
Header length: 5 (20 bytes)
Unused: 0
Flags: A
Window size: 64807
Checksum: 47397
Urgent: 0
Ethernet (1153393310.927926)
Hardware source: 00:60:83:7c:da:49
Hardware destination: 00:11:43:33:b3:ef
Type / Length: 0x800 (IP)
Media length: 60

If you want more options and how to use ipgrab check ipgrab man page

ipip - IP over IP Encapsulation Daemon

This daemon provides an alternative to the kernel-resident support for IP encapsulation links. It is better suited for situations where there are many encapsulation connections to be managed, such as is the case for amateur radio interconnection of network 44. Also, because the daemon is outside the kernel, it provides an excellent environment for experimenting with alternate mechanisms for distributing encapsulation routing updates.

If you need one encapsulation link, use the kernel's built-in support. If you need a lot of encapsulation links, give this daemon a try.

Install ipip in debian


This will complete the installation with the following message

Starting /usr/sbin/ipip...
No interfaces defined

Now you need to go to /etc/ipip/ directory you need to configure the files config and routes for your environment

ipsc - IP Subnet Calculator for console

The IP Subnet Calculator is a tool that allows network administrators to make calculations that will assist in subnetting a network. You give the network class and subnet bits and you get back the maximum number of subnets, maximum number of hosts per subnet, a bimap showing the breakdown of network bits, subnet bits, and host bits, the decimal and hexadecimal class netmask, the decimal and hexadecimal subnet mask and lists subnets and host information. CIDR support and reverse engineer the network information for a particular interface (e.g. eth0, ppp0).

Install ipsc in debian

#apt-get install ipsc

If you want to use ipsc you need to follow this syntax

usage: ipsc [options] <addr/mask | addr/offset | addr>

If you want more options and how to use check ipsc man page

iptraf - Interactive Colorful IP LAN Monitor

IPTraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others.

Install iptraf in debian

#apt-get install iptraf

This will complete the installation now you need to run this program using the following command


this will disply a GUI for this program just follow the instructions on the screen to see your network interface
statistics iputils-tracepath - Tools to trace the network path to a remote host

The tracepath utility is similar to the traceroute utility, but also attempts to discover the MTU of the path.

This package also includes tracepath6 and traceroute6 utilities, which may be used on IPv6 networks.

Install iputils-tracepath in debian

#apt-get install iputils-tracepath

This will complete the installation now you need to run this program with the following command


Usage: tracepath [-n] <destination>[/<port>]


# tracepath6 3ffe:2400:0:109::2
1?: [LOCALHOST] pmtu 1500
1: 0.411ms
2: asymm 1 0.390ms pmtu 1480
2: 3ffe:2400:0:109::2 463.514ms reached
Resume: pmtu 1480 hops 2 back 2

iputils-arping - Tool to send ICMP echo requests to an ARP address

The arping command acts like the standard ping command except it pings a machine by its ARP address instead of its IP address. It is typically used to locate a machine if its hardware address is known but its IP address is unknown

Install iputils-arping in debian

#apt-get install iputils-arping

This will complete the installation now you need to run this program with the following command


Usage: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination

For more options and how to use arping check arping man page

iputils-ping - Tools to test the reachability of network hosts

The ping command sends ICMP ECHO_REQUEST packets to a host in order to test if the host is reachable via the network.

This package includes a ping6 utility which supports IPv6 network connections.

Install iputils-ping in debian

#apt-get install iputils-ping

This will complete the installation now you need to run this program with the following command


For more options and how to use ping check ping man page

jnettop - View hosts/ports taking up the most network traffic

jNettop captures traffic comming across the host it is running on and displays streams sorted by bandwidth they use. Result is a nice listing of communication on network by host and port, how many bytes went through this transport and the bandwidth it is consuming.

Install jnettop in debian

#apt-get install jnettop

This will complete the installation now you need to run this program with the following command


This will display a GUI with all the network traffic comming across the host

knocker - a simple and easy to use TCP security port scanner

Knocker is a new, simple, and easy to use TCP security port scanner written in C, using threads. It is able to analyze hosts and the network services which are running on them.

The URL for this project is

Install knocker in debian

#apt-get install knocker

This will complete the installation now you need to run this program with the following command

#knocker -H -SP 1 -EP 1024

Output looks like below

|--=| k n o c k e r -- t h e -- n e t -- p o r t s c a n n e r |=-=[ 0.7.1 ]=-|

- started by user root on Fri Jul 21 10:16:00 2006

- hostname to scan:
- resolved host ip:
- - scan from port: 1
- - - scan to port: 1024
- - - - scan type: tcp connect

+=- - - - - - - - - - - - - - - - - - - - - - - - - - - - - s c a n n i n g -

-=[ 21/tcp, ftp ]=- * OPEN *
-=[ 22/tcp, ssh ]=- * OPEN *
-=[ 80/tcp, www ]=- * OPEN *
-=[ 111/tcp, sunrpc ]=- * OPEN *
-=[ 113/tcp, auth ]=- * OPEN *
-=[ 199/tcp, smux ]=- * OPEN *
-=[ 607/tcp, nqs ]=- * OPEN *

+=- - - - - - - - - - - - - - - - - - - - - - - - - - - - c o m p l e t e d -

- scanned host name: IP:

- found 7 open ports in a total of 1024 ports scanned.

- port scan completed in 0.10 seconds.

knockd - small port-knock daemon

A port-knock server that listens to all traffic on a given network interface (only Ethernet and PPP are currently supported), looking for a special "knock" sequences of port-hits. A remote system makes these port-hits by sending a TCP (or UDP) packet to a port on the server. When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file. This can be used to open up holes in a firewall for quick access.

Install knockd in debian

#apt-get install knockd

If you want how to use knockd and for examples check knockd man page

labrea - a "sticky" honeypot and IDS

LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time.

Install labrea in debian

#apt-get install labrea

How to use labrea and for configuration options check labrea man page