Traffic Monitoring Tools

Recommended Monitoring Software For 2017

Home / Hacker Tools / Top Ten / Traffic Monitoring Tools

What Is This Resource?
Understanding what is going in and out of your network is vital! If you are unfamiliar to this concept then go ahead and read up about ingress and egress traffic.

Clearly the first step is to understand what should be on your network and what shouldn’t be on your network! The tools listed on this resource we hope are of use to you. We’ve played with many of them and whilst there is no perfect solution they are all vital to learn how to use if you’d like to become a Penetration Tester or System Network Engineer or System Admin.

Quick Links (Tools Listed In This Resource):

To submit a tool please click here or for further information on the range of hacking tools and software that we list please follow this link.

Last Updated: September 23rd, 2017

Argus

Argus Resources: Books, Courses & Software



Professional Cybersecurity Courses | Free Training

Argus

Tool Category: Traffic Monitoring Tools

Cost of Tool: Free


What is Argus?
Argus can be used to help support network security management and network forensics. With the right strategies, argus data can be mined to determine if you’ve been compromised or attacked historically, after an attack has been announced and indicators-of-compromise (IOCs) have been established.

Is Argus Free?
Using Argus tool is free of charge!

Does Argus Work on all Operating Systems?
Argus works on Linux, MAC OS X and Windows operating systems.

What are the Typical Uses for Argus?
Argus can easily be adapted to be a network activity monitoring system, easily answering a variety of activity questions (such as bandwidth utilization). It can also be used to track network performance through the stack, and capture higher level protocol data. With additional mining techniques (such as utilizing moving averages), Argus data can be used for “spike tracking” of many fields.

EtherApe

EtherApe Resources: Books, Courses & Software



Professional Cybersecurity Courses | Free Training

EtherApe

Tool Category: Traffic Monitoring Tools

Cost of Tool: Free


What is Etherape?
Etherape is a Graphical Network Monitor that is modeled after etherman. It features an IP, TCP and link layer modes that displays network activity graphically. Links and hosts change in size with traffic. It also has a color coded protocols displays. This tool supports Hardware and Protocols such as FDDI, Ethernet, ISDN, Token Ring, SLIP, PPP and WLAN devices plus a lot of encapsulation formats. EtherApe can filter traffic to be shown and can read packets coming from a file as well as life from the network. Node statistics can also be exported.

Is Etherape Free?
Yes, Etherape is free to use.

Does Etherape Work on all Operating Systems?
Etherape works on Linux and MAC OS X operating systems.

What are the Typical Uses for Etherape?
Etherape is primarily used to track several types of network traffic.

Ettercap

Ettercap Resources: Books, Courses & Software



Professional Cybersecurity Courses | Free Training

Ettercap

Tool Category: Traffic Monitoring Tools

Cost of Tool: Free


What is Ettercap?
Ettercap is an open source network security tool made for man in the middle attacks on local area networks. It works by ARP poisoning the computer systems and putting a network interface into promiscuous mode. Thereby it can unlease several attacks on its victims. It also has a plugin support so features can be extended by putting new plugins.

Is Ettercap Free?
Ethercap is free and can be downloaded through their website which can be found here https://ettercap.github.io/ettercap/

Does Ettercap Work on all Operating Systems?
It works on several operating systems including Windows, MAC OS X and Linux.

What are the Typical Uses for Ettercap?
Ettercap is used to content filtering on the fly, sniff live connection and many more. It is also used for security auding and computer network protocol analysis. It has the capability to intercept traffic on a network segment, conduct active eavesdropping against common protocols and also used to capture passwords.

Nagios

Nagios Resources: Books, Courses & Software



Professional Cybersecurity Courses | Free Training

Nagios

Tool Category: Traffic Monitoring Tools

Cost of Tool: Free


What is Nagios?
Nagios is a network and sytem monitoring application. It monitors services and hosts that you specify, alerting you when things go bad or when things get better. Some of the many feature of Nagios include: monitoring of your entire IT infrastructure, know immediately when problems arise, spot problems before they occure, detect security breaches, share availability data with stakeholders, plan and budget for IT upgrades and reduce downtime and business losses.

Is Nagios Free?
This application is free to use.

Does Nagios Work on all Operating Systems?
Nagios is available for Linux operating systems.

What are the Typical Uses for Nagios?
Nagios is used to monitor network services such as SMTP, POP, HTTP, ICMP, NNTP etc. It is also used for monitoring host resources, contact notifications when host or service problems occur and gets resolved.

Ngrep

Ngrep Resources: Books, Courses & Software



Professional Cybersecurity Courses | Free Training

Ngrep

Tool Category: Traffic Monitoring Tools

Cost of Tool: Free


What is Ngrep?
This tool – ngrep – (which is a concatenation of ‘Network Grep’) is a network packet analyzer that works within the command line, and is reliant on the pcap library and the GNU regex library. ngrep is similar to tcpdump, but it offers more in that it will show the ‘regular expression’ in the payload of a packet, and also demonstrate the matching packets on a screen or console. The end result is that the user (typically a penetration tester or network security engineer) will see all unencrypted traffic being passed over the network. You need to put the network interface into promiscuous mode in order for this to work.

Is Ngrep Free?
Downloading and using of Ngrep is free.

Does Ngrep Work on all Operating Systems?
It works on operating systems running Linux, Windows and MAC OS X.

What are the Typical Uses for Ngrep?
Ngrep is used to store traffic on the wire and store pcap dump files and read files generated by tools like tcpdump or wireshark.

Ntop

Ntop Resources: Books, Courses & Software



Professional Cybersecurity Courses | Free Training

Ntop

Tool Category: Traffic Monitoring Tools

Cost of Tool: Free


What is Ntop?
Ntop is a network probing tool used by cybersecurity professionals to show network usage. When placed in ‘interactive mode’ ntop will display the network status on an end-user’s terminal. If placed on ‘web mode’, this tool will behave like a web server and wil create an HTML dump of the network status. It supports a Flow emitter/NetFlow/collector which is an HTTP-based client interface for making ntop-centric monitoring applications and RRD for storing traffic statistics persistently.

Is Ntop Free?
Yes, Ntop is free to use.

Does Ntop Work on all Operating Systems?
Ntop works on Linux, Microsoft Windows and MAC OS X operating systems.

What are the Typical Uses for Ntop?
Ntop is used to show network usage in real time. You can use web browsers like Google Chrome or Mozilla to manage and navigate through traffic information to understand more about network status. It monitors and supports protocols like Decnet, DLC, AppleTalk, TCP/UDP/ICMP, (R)ARP, Netbios and IPX.

p0f

p0f Resources: Books, Courses & Software



Professional Cybersecurity Courses | Free Training

p0f

Tool Category: Traffic Monitoring Tools

Cost of Tool: Free


What is P0f?
p0f is a passive fingerprinting tool that can identify the machines you connect to, machines that connect to your box and even machines that go near your box even if that device is behind a packet firewall.

Is P0f Free?
Use of this tool is free.

Does P0f Work on all Operating Systems?
P0f works on Linux, Microsoft and MAC OS X operating systems.

What are the Typical Uses for P0f?
P0f is used to identify the target host’s operating system by simply examining packets captured even when the device is behind a packet firewall. It can also detect what kind of remote system is hooked up to or how far it is located. The latest beta can detect illegal network hook-ups. P0f can detect types of NAT setups and packet filters and can sometimes determine the ISP of the other person.

SolarWinds

SolarWinds Resources: Books, Courses & Software



Professional Cybersecurity Courses | Free Training

SolarWinds

Tool Category: Traffic Monitoring Tools

Cost of Tool: Free


What is SolarWinds?
SolarWinds Firewall Security Manager (FSM) is a great solution for organizations and companies who need reporting and expert management on their most critical security devices. Set-up and configuration of this product is pretty straightforward and multi clients can be deployed to allow multiple administrators to access the system.

Is SolarWinds Free?
No. SolarWinds is a paid product offered by an excellent and well-respected company.

Does SolarWinds Work on all Operating Systems?
SolarWinds works on Windows operating systems.

What are the Typical Uses for SolarWinds?
Uses of this tool includes network discovery scanners, router password decryption, SNMP brute force cracker and TCP connection reset program.

Splunk

Splunk Resources: Books, Courses & Software



Professional Cybersecurity Courses | Free Training

Splunk

Tool Category: Traffic Monitoring Tools

Cost of Tool: Free


What is Splunk?
Splunk captures, indexes and then correlates data in a searchable repository from which it can generate reports, graphs, alerts, visualization and dashboards. Considered as one of the best security tool, the sheer power of this thing is incredible. It can scale endlessly and also has the ability to cluster.

Is Splunk Free?
A commercial version is available. Free versions may also be offered.

Does Splunk Work on all Operating Systems?
Works natively for Linux and MAC OS X.

What are the Typical Uses for Splunk?
Splunk is used to search, monitor, report and analyze real time streaming and historical IT data. It can collect logs from different sources and make them searchable in a unified interface.

[continued from top of page]