4

Open Source Linux network analyzer

Which are there? What features do they offer?

Martin K.

11 Answers

22

What exactly do you need?

  • wireshark - network sniffer/analyzer
  • iftop - bandwidth usage
  • darkstat - traffic analyzer
  • nmap - network port scanner
  • nessus - vulnerability scanner
  • metasploit - penetration testing
ko-dos
5

Can't believe nobody mentioned tcpdump. Click on the link to see the list of features.

dmityugov
4

ntop is a solution that has been around for a while and can be extended with plugins. Here is a short how-to.

Kyle Brandt
3

Wireshark (formerly Ethereal) is my favorite.

James
3

A few more:

  • lanmap2 - sits quietly on a network and builds a picture of what it sees.
  • kismet - wireless sniffer
  • nikto - web server scanner
  • nast - another network sniffer/analyzer
user14099
1

A missing tool from the list is ettercap, a text-based tool to analyse a subnet and perform active or passive scans of the subnet. It can also monitor packets and display streams.

1

If you need a network traffic analyzer you can use tshark (it's the console version of wireshark).

0

MRTG for nice pretty pictures and graphs (management p0rn) via SNMP monitoring. Does everything I need, but if you don't list your requirements it's quite hard to guess what you want.

MattB
0

p0f - passive OS fingerprinting (http://lcamtuf.coredump.cx/p0f.shtml)

martineg
0

For reconnaissance / mostly real-time analysis:

  • tshark - text-only version of wireshark when tcpdump is too cryptic.
  • httpry - simple nice passive http protocol sniffer.
  • ngrep - displays payload of selected traffic
pQd
0

If you need a network intrusion IDS/IPS tool, Snort is one such open source tool.

fpmurphy