Traffic Monitoring Hacking Tools


What’s going on within your network both from an ingress an egress POV is vital. We’ve updated these tools for 2020.


Need Help? Ask A Question

Posted by Henry Dalziel  |  December 16, 2019  |   Questions / Comments 0

Traffic Monitoring Hacking Tools

Recommended Tools  10
Henry Dalziel
Henry Dalziel | December 16, 2019

- C|EH, Security+, MSc Marketing Management;
- Based in Hong Kong for the last five years;
- Cybersecurity Pro & Growth Hacker


MONITOR EVERYTHING!

Understanding what is going in and out of your network is vital! If you are unfamiliar to this concept then go ahead and read up about ingress and egress traffic.

Clearly the first step is to understand what should be on your network and what shouldn’t be on your network! The tools listed on this resource we hope are of use to you. We’ve played with many of them and whilst there is no perfect solution they are all vital to learn how to use if you’d like to become a Penetration Tester or System Network Engineer or System Admin.

Please Share This Resource! [HINT: We'll LOVE YOU for it!]

10 Recommended Tools

Submit A Tool!

We'll promote it to our community.

Traffic Monitoring Hacking Tools

Wireshark

This tool is a network packet analyzer and this kind of tool will try to capture network packets used for analysis, network troubleshooting, education, software and communications. We've covered Wireshark a lot - the best summary, if you are new to it, would be here.

Argus

Argus can be used to help support network security management and network forensics and is compatible with Wireshark and nmap. With the right strategies, argus data can be mined to determine if you’ve been compromised or attacked historically after an attack has been announced and indicators-of-compromise (IOCs) have been established.

Is Argus Free?
Using Argus tool is free of charge!

Does Argus Work on all Operating Systems?
Argus works on Linux, MAC OS X and Windows operating systems. What are the Typical Uses for Argus? Argus can easily be adapted to be a network activity monitoring system, easily answering a variety of activity questions (such as bandwidth utilization). It can also be used to track network performance through the stack, and capture higher level protocol data. With additional mining techniques (such as utilizing moving averages), Argus data can be used for “spike tracking” of many fields.

Etherape

Etherape is a Graphical Network Monitor that is modeled after etherman. It features an IP, TCP and link-layer modes that displays network activity graphically. Links and hosts change in size with traffic. It also has a color-coded protocols displays. This tool supports Hardware and Protocols such as FDDI, Ethernet, ISDN, Token Ring, SLIP, PPP and WLAN devices plus a lot of encapsulation formats. EtherApe can filter traffic to be shown and can read packets coming from a file as well as life from the network. Node statistics can also be exported.

Is Etherape Free?
Yes, Etherape is free to use.

Does Etherape Work on all Operating Systems?
Etherape works on Linux and MAC OS X operating systems.

What are the Typical Uses for Etherape?
Etherape is primarily used to track several types of network traffic.

How Do You Install Argus?
We'd recommend you hit this link for more information.

Ettercap

Ettercap is an open source network security tool made for man in the middle attacks on local area networks. It works by ARP poisoning the computer systems and putting a network interface into promiscuous mode. Thereby it can unleash several attacks on its victims. It also has plugin support so features can be extended by putting new plugins.

Is Ettercap Free?
Ethercap is free and can be downloaded through their website which can be found on their website.

Does Ettercap Work on all Operating Systems?
It works on several operating systems including Windows, Mac OS X, and Linux.

What are the Typical Uses for Ettercap?
Ettercap is used to content filtering on the fly, sniff live connection and many more. It is also used for security auditing and computer network protocol analysis. It has the capability to intercept traffic on a network segment, conduct active eavesdropping against common protocols and also used to capture passwords.

How Do You Install Etherape?
Follow these commands (one line at a time)

sudo apt-get install zlib1g zlib1g-dev sudo apt-get install build-essential sudo apt-get install ettercap

Nagios

Nagios is a network and sytem monitoring application. It monitors services and hosts that you specify, alerting you when things go bad or when things get better. Some of the many features of Nagios include monitoring of your entire IT infrastructure, know immediately when problems arise, spot problems before they occure, detect security breaches, share availability data with stakeholders, plan, and budget for IT upgrades and reduce downtime and business losses.

Is Nagios Free?
This application is free to use.

Does Nagios Work on all Operating Systems?
Nagios is available for Linux operating systems.

What are the Typical Uses for Nagios?
Nagios is used to monitor network services such as SMTP, POP, HTTP, ICMP, NNTP etc. It is also used for monitoring host resources, contact notifications when host or service problems occur and gets resolved.

Ngrep

This tool has been mentioned a few other times in our directory. It is complementary to the other tools listed within this category. ngrep is similar to tcpdump, but it offers more in that it will show the ‘regular expression’ in the payload of a packet, and also demonstrate the matching packets on a screen or console. The end result is that the user (typically a penetration tester or network security engineer) will see all unencrypted traffic being passed over the network. You need to put the network interface into promiscuous mode in order for this to work.

Is Ngrep Free?
Downloading and using of Ngrep is free.

Does Ngrep Work on all Operating Systems?
It works on operating systems running Linux, Windows and MAC OS X.

What are the Typical Uses for Ngrep?
Ngrep is used to store traffic on the wire and store pcap dump files and read files generated by tools like tcpdump or wireshark.

Ntop

Ntop is a network probing tool used by cybersecurity professionals to show network usage. When in ‘interactive mode’ ntop displays the network status on an end-user’s terminal. If placed on ‘web mode’, this tool will behave like a web server and wil create an HTML dump of the network status. It supports a Flow emitter/NetFlow/collector which is an HTTP-based client interface for making ntop-centric monitoring applications and RRD for storing traffic statistics persistently.

Is Ntop Free?
Yes, Ntop is free to use.

Does Ntop Work on all Operating Systems?
Ntop works on Linux, Microsoft Windows and MAC OS X operating systems.

What are the Typical Uses for Ntop?
Ntop is used to show network usage in real time. You can use web browsers like Google Chrome or Mozilla to manage and navigate through traffic information to understand more about network status. It monitors and supports protocols like Decnet, DLC, AppleTalk, TCP/UDP/ICMP, (R)ARP, Netbios and IPX.

P0F

p0f is a very effective and well-known passive fingerprinting tool that comes highly recommended. p0f is a passive fingerprinting tool that can identify the machines you connect to, machines that connect to your box and even machines that go near your box even if that device is behind a packet firewall.

Is P0f Free?
The use of this tool is free.

Does P0f Work on all Operating Systems?
P0f works on Linux, Microsoft and MAC OS X operating systems.

What are the Typical Uses for P0f?
P0f is used to identify the target host’s operating system by simply examining packets captured even when the device is behind a packet firewall. It can also detect what kind of remote system is hooked up to or how far it is located. The latest beta can detect illegal network hook-ups. P0f can detect types of NAT setups and packet filters and can sometimes determine the ISP of the other person.

Solarwinds

SolarWinds Firewall Security Manager (FSM) is a great solution for organizations and companies who need reporting and expert management on their most critical security devices. Set-up and configuration of this product is pretty straightforward and multi clients can be deployed to allow multiple administrators to access the system.

Is SolarWinds Free?
No. SolarWinds is a paid product offered by an excellent and well-respected company.

Does SolarWinds Work on all Operating Systems?
SolarWinds works on Windows operating systems.

What are the Typical Uses for SolarWinds?
Uses of this tool includes network discovery scanners, router password decryption, SNMP brute force cracker and TCP connection reset program.

Splunk

Splunk captures, indexes and then correlates data in a searchable repository from which it can generate reports, graphs, alerts, visualization and dashboards. Considered as one of the best security tool, the sheer power of this thing is incredible. It can scale endlessly and also has the ability to cluster.

Is Splunk Free?
A commercial version is available. Free versions may also be offered.

Does Splunk Work on all Operating Systems?
Works natively for Linux and MAC OS X.

What are the Typical Uses for Splunk?
Splunk is used to search, monitor, report and analyze real time streaming and historical IT data. It can collect logs from different sources and make them searchable in a unified interface.

Traffic Monitoring Hacking Tools

Some Of Our Other Content

You might also like...

Should I use a VPN with Tor?
Should I use a VPN with Tor?

Using Tor alone is about 90% of the battle to stay anonymous online.

Blog Post

N00b Hacking
13 Offline Growth Hacks
13 Offline Growth Hacks

I list my favorite 13 Offline Growth Hacks! I've done some of these. Some are a bit out there!

Blog Post

Growth Marketing
Mobile Encryption Apps
Mobile Encryption Apps

Is WhatsApp safe? What about Telegram? There are dozens of mobile encryption apps...

List Review

Cyber Hacking
Password Cracking Tools
Password Cracking Tools

John The Ripper, Crowbar, L0phtcrack, Medusa, Rainbowcrack, THC Hydra and more!

List Review

Cyber Hacking

Summary

Previously Asked Questions (with Answers)

There are many possible reasons your Internet connection might seem to be slow. Potential problems include issues with your modem or router, Wi-Fi signal, signal strength on your cable line, the amount of devices on your network saturating your bandwidth, or even a slow DNS server. It does NOT necessarily mean that someone has installed some sort of hacking network device, software or tool on your network.

You can’t detect a fully passive sniffing tool (such as Wireshark) on the network when in “fully passive” mode because the software uses a network card with its TCP/IP stack disabled. That way the tool card will only listen and never talk, so it’s almost impossible to detect Wireshark.

Leave a Question or Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.