Traffic Monitoring Hacking Tools

What’s going on within your network, both from an ingress and an egress point of view, is vital to know. We’ve updated these tools for 2019.



monitor everything!

Understanding what is going in and out of your network is vital! If you are unfamiliar with this concept, go ahead and read up on ingress and egress traffic.

Clearly the first step is to understand what should be on your network and what shouldn’t! We hope the tools listed in this resource are of use to you. We’ve played with many of them and, whilst there is no perfect solution, they are all vital to learn how to use if you’d like to become a Penetration Tester, Network Engineer or System Admin.


Traffic Monitoring Tools


What is Wireshark?
This tool is a network packet analyzer: it captures network packets, used for analysis, network troubleshooting, education, and software and communications protocol development, and displays the captured packet data in as much detail as possible. Formerly named Ethereal, it was renamed to Wireshark in May 2006 due to trademark issues. Wireshark is cross-platform, and current releases use the Qt widget toolkit to implement the user interface. If you know tcpdump, Wireshark is very similar to it, but has a graphical front-end and some integrated filtering and sorting options.

Wireshark supports promiscuous mode, which lets the user put network interface controllers into that mode so that they see all traffic visible on that interface, not only the traffic directed to one of the interface’s configured addresses and broadcast/multicast traffic. However, when capturing in promiscuous mode with a packet analyzer on a port of a network switch, not all traffic through the switch is sent to the port where the capture is made, so capturing in this mode is not necessarily enough to see all network traffic. Various network taps, such as port mirroring, extend capture to any point on the network, and simple passive taps are highly resistant to tampering. Wireshark 1.4 and later on GNU/Linux, BSD and OS X, with libpcap 1.0.0 or later, can also put wireless network interface controllers into monitor mode. When a remote machine captures packets and transmits them to a machine running Wireshark using the protocol used by OmniPeek or the TZSP protocol, those packets are dissected by Wireshark, so it can analyze packets captured on a remote machine at the time they are captured. Wireshark also color-codes packets, so the user sees them highlighted in black, blue and green, which helps identify the types of traffic at a glance: black marks TCP packets with problems, blue is DNS traffic and green is TCP traffic.

Is Wireshark Free?
Wireshark is an open source and free packet analyzer. You can go to its website and download the installer that is compatible with your system.

Does Wireshark Work on all Operating Systems?
Wireshark uses pcap to capture packets and runs on OS X, GNU/Linux, Solaris, Microsoft Windows and other Unix-like operating systems.

What are the Typical Uses for Wireshark?
People use Wireshark to troubleshoot problems with their network, examine security problems, debug protocol implementations and learn more about network protocol internals.


What is Argus?
Argus can be used to support network security management and network forensics. With the right strategies, Argus data can be mined to determine whether you were compromised or attacked historically, after an attack has been announced and indicators of compromise (IOCs) have been established.

Is Argus Free?
Using the Argus tool is free of charge!

Does Argus Work on all Operating Systems?
Argus works on Linux, Mac OS X and Windows operating systems.

What are the Typical Uses for Argus?
Argus can easily be adapted to be a network activity monitoring system, easily answering a variety of activity questions (such as bandwidth utilization). It can also be used to track network performance through the stack, and capture higher level protocol data. With additional mining techniques (such as utilizing moving averages), Argus data can be used for “spike tracking” of many fields.


What is Etherape?
EtherApe is a graphical network monitor modeled after etherman. It features IP, TCP and link layer modes that display network activity graphically: links and hosts change in size with traffic, and protocols are shown color-coded. The tool supports hardware and protocols such as FDDI, Ethernet, ISDN, Token Ring, SLIP, PPP and WLAN devices, plus a lot of encapsulation formats. EtherApe can filter the traffic to be shown and can read packets from a file as well as live from the network. Node statistics can also be exported.

Is Etherape Free?
Yes, Etherape is free to use.

Does Etherape Work on all Operating Systems?
Etherape works on Linux and Mac OS X operating systems.

What are the Typical Uses for Etherape?
Etherape is primarily used to track several types of network traffic.


What is Ettercap?
Ettercap is an open source network security tool made for man-in-the-middle attacks on local area networks. It works by ARP poisoning the computer systems and putting a network interface into promiscuous mode, whereby it can unleash several attacks on its victims. It also has plugin support, so features can be extended by adding new plugins.

Is Ettercap Free?
Ettercap is free and can be downloaded from its website.

Does Ettercap Work on all Operating Systems?
It works on several operating systems including Windows, Mac OS X and Linux.

What are the Typical Uses for Ettercap?
Ettercap is used for content filtering on the fly, sniffing live connections and much more. It is also used for security auditing and computer network protocol analysis. It has the capability to intercept traffic on a network segment, conduct active eavesdropping against common protocols and capture passwords.


What is Nagios?
Nagios is a network and system monitoring application. It monitors the services and hosts that you specify, alerting you when things go bad and when they get better. Some of the many features of Nagios include: monitoring of your entire IT infrastructure, knowing immediately when problems arise, spotting problems before they occur, detecting security breaches, sharing availability data with stakeholders, planning and budgeting for IT upgrades, and reducing downtime and business losses.

Is Nagios Free?
This application is free to use.

Does Nagios Work on all Operating Systems?
Nagios is available for Linux operating systems.

What are the Typical Uses for Nagios?
Nagios is used to monitor network services such as SMTP, POP, HTTP, ICMP, NNTP etc. It is also used for monitoring host resources and for contact notifications when host or service problems occur and get resolved.


What is Ngrep?
This tool, ngrep (short for ‘network grep’), is a network packet analyzer that works from the command line and relies on the pcap library and the GNU regex library. ngrep is similar to tcpdump, but offers more in that it matches a regular expression against the payload of a packet and displays the matching packets on the screen or console. The end result is that the user (typically a penetration tester or network security engineer) will see all unencrypted traffic being passed over the network. You need to put the network interface into promiscuous mode in order for this to work.

Is Ngrep Free?
Downloading and using of Ngrep is free.

Does Ngrep Work on all Operating Systems?
It works on Linux, Windows and Mac OS X.

What are the Typical Uses for Ngrep?
Ngrep is used to capture traffic on the wire, store it in pcap dump files and read files generated by tools like tcpdump or Wireshark.
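To make the regex-over-payload idea and the reading of pcap files concrete, here is an added example (not ngrep’s own code, which is C): a pure-Python, standard-library reimplementation that walks a libpcap file, decodes Ethernet/IPv4/TCP-or-UDP, and lists the packets whose payload matches a pattern, much like `ngrep -I file pattern`. The capture it reads is constructed inline, the names `pcap_frames`, `decode`, `ngrep`, `make_frame` and `sample_pcap` are hypothetical, and checksums in the constructed frames are left zero.

```python
import re
import struct

def pcap_frames(data):
    """Yield raw link-layer frames from little-endian libpcap bytes (24-byte global, 16-byte records)."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]   # captured length of this record
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def decode(frame):
    """(proto, src, sport, dst, dport, payload) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] not in (6, 17):
        return None                                     # not IPv4, or neither TCP nor UDP
    ip = frame[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    l4 = ip[ihl:struct.unpack_from("!H", ip, 2)[0]]     # IP total length bounds the segment
    hdr = (l4[12] >> 4) * 4 if proto == 6 else 8        # TCP data offset vs fixed UDP header
    sport, dport = struct.unpack_from("!HH", l4, 0)
    return ("tcp" if proto == 6 else "udp", src, sport, dst, dport, l4[hdr:])

def ngrep(data, pattern):
    """Roughly `ngrep -I file pattern`: the decoded packets whose payload matches the regex."""
    rx = re.compile(pattern.encode())
    return [p for p in map(decode, pcap_frames(data)) if p and rx.search(p[5])]

def make_frame(proto, src, sport, dst, dport, payload):
    """Constructed sample frame (checksums left zero; enough for an offline parser)."""
    if proto == 6:   # 20-byte TCP header, PSH|ACK, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 8192, 0, 0)
    else:            # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def sample_pcap():
    """Constructed capture: one cleartext HTTP request and one DNS query (RFC 5737 addresses)."""
    frames = [make_frame(6, "10.0.0.5", 51000, "203.0.113.10", 80,
                         b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n"),
              make_frame(17, "10.0.0.5", 53000, "10.0.0.1", 53, b"\x12\x34" + b"\x00" * 10)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # link type 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Running `ngrep(sample_pcap(), r"^(GET|POST) ")` returns only the HTTP packet, which is the kind of cleartext request a defender would want to spot on a segment that should be TLS-only.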


What is Ntop?
Ntop is a network probing tool used by cybersecurity professionals to show network usage. When placed in ‘interactive mode’, ntop displays the network status on the end-user’s terminal. In ‘web mode’, the tool behaves like a web server and creates an HTML dump of the network status. It supports a NetFlow emitter/collector, an HTTP-based client interface for building ntop-centric monitoring applications, and RRD for storing traffic statistics persistently.

Is Ntop Free?
Yes, Ntop is free to use.

Does Ntop Work on all Operating Systems?
Ntop works on Linux, Microsoft Windows and Mac OS X operating systems.

What are the Typical Uses for Ntop?
Ntop is used to show network usage in real time. You can use web browsers like Google Chrome or Mozilla to manage and navigate through traffic information to understand more about network status. It monitors and supports protocols like Decnet, DLC, AppleTalk, TCP/UDP/ICMP, (R)ARP, Netbios and IPX.


What is P0f?
p0f is a passive fingerprinting tool that can identify the machines you connect to, the machines that connect to your box and even machines that merely pass near your box, even when that device is behind a packet firewall.

Is P0f Free?
Use of this tool is free.

Does P0f Work on all Operating Systems?
P0f works on Linux, Microsoft Windows and Mac OS X operating systems.

What are the Typical Uses for P0f?
P0f is used to identify a target host’s operating system simply by examining captured packets, even when the device is behind a packet firewall. It can also detect what kind of system the remote host is hooked up to and how far away it is located. The latest beta can detect illegal network hook-ups. P0f can detect types of NAT setups and packet filters and can sometimes determine the other party’s ISP.


What is SolarWinds?
SolarWinds Firewall Security Manager (FSM) is a great solution for organizations and companies who need reporting and expert management on their most critical security devices. Set-up and configuration of this product is pretty straightforward, and multiple clients can be deployed to allow multiple administrators to access the system.

Is SolarWinds Free?
No. SolarWinds is a paid product offered by an excellent and well-respected company.

Does SolarWinds Work on all Operating Systems?
SolarWinds works on Windows operating systems.

What are the Typical Uses for SolarWinds?
Uses of this tool include network discovery scanners, router password decryption, an SNMP brute force cracker and a TCP connection reset program.


What is Splunk?
Splunk captures, indexes and then correlates data in a searchable repository, from which it can generate reports, graphs, alerts, visualizations and dashboards. Considered one of the best security tools, the sheer power of this thing is incredible. It can scale endlessly and also has the ability to cluster.

Is Splunk Free?
A commercial version is available; free versions may also be offered.

Does Splunk Work on all Operating Systems?
It works natively on Linux and Mac OS X.

What are the Typical Uses for Splunk?
Splunk is used to search, monitor, report and analyze real time streaming and historical IT data. It can collect logs from different sources and make them searchable in a unified interface.