Posted on Sunday March 13, 2016 by Eric Potvin
This suite of packet-sniffing tools allows you to monitor traffic on your network for sensitive data. It comes with a number of tools, including its namesake, dsniff, which lets you sniff network traffic that could contain items such as passwords. It also includes filesnarf, mailsnarf, and urlsnarf, which specialize in sniffing for filenames, mail passwords and traffic, and HTTP traffic, respectively. dsniff requires libnet (http://www.packetfactory.net/projects/libnet/) and libnids (http://www.packetfactory.net/projects/libnids/) to operate. You can find dsniff at http://monkey.org/~dugsong/dsniff/.
Ethereal is a network data-capture tool that can grab data off your network, read the contents of tcpdump files, or read data from a variety of other sources. You can dissect and analyze data from a wide selection of protocols and can even edit the contents of captured traffic. Ethereal also comes with an X-based GUI that you can use to display data as it is captured in real time. You can find Ethereal at http://www.ethereal.com/.
The Ettercap suite simulates and sniffs for man-in-the-middle attacks on your network. It is capable of sniffing live connections and performing content filtering on the fly. It can support active and passive dissection of a number of protocols and has built-in fingerprinting capabilities with a large library of fingerprints. You can find Ettercap at http://ettercap.sourceforge.net/.
LIDS is a secured kernel designed to replace your existing kernel. It provides file-system protection, protection of processes (including hiding processes), access control lists (ACLs) that allow you to control access to applications, some network security features, and a port-scan detector. LIDS also has a built-in secured alerting system. You can find LIDS at http://www.lids.org/.
Netcat is similar in function to nmap but has some useful additional functionality. It is capable of the same network and port scanning as nmap but also allows you to send TCP/IP data. You can use it to open TCP connections, listen on arbitrary TCP and UDP ports, and send TCP and UDP packets. You can find Netcat at http://netcat.sourceforge.net/.
Snort is a packet-sniffing and intrusion-detection tool. It is complex, powerful, and highly configurable. It can run in three modes: as a network sniffer that reads packets off the network and displays them, in packet-logging mode, which logs those packets to disk, and as a network intrusion-detection tool. The last mode matches packets against a series of rules. Some rules are provided by default, and you can also define your own; for example, when a new virus or worm is discovered, you can write a rule to detect that worm and identify any computers that may be infected. Snort can also perform actions, trigger events, or raise alerts when it detects packets matching its rules or yours. You can find Snort at http://www.snort.org/.
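To make the custom-rule idea concrete, here is an added example written for this page, not code from the Snort project or the original post: two rules in the classic Snort rule syntax, one matching a payload signature and one flagging a host that behaves like a propagating worm. The SIDs, the marker string, the port and thresholds, and the $HOME_NET/$EXTERNAL_NET variables are all assumptions.

```snort
# Added example (not from the original post): two custom rules for
# Snort's intrusion-detection mode, in the classic rule syntax.
# All values below are constructed: the SIDs (1000001, 1000002) sit in
# the local-rule range, the content marker is a placeholder, and
# $HOME_NET / $EXTERNAL_NET are assumed to be defined in snort.conf.

# Rule 1: a signature match. Alert on an established client-to-server
# HTTP connection whose payload carries a known marker string.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 ( \
    msg:"LOCAL constructed example - payload marker seen in HTTP request"; \
    flow:to_server,established; \
    content:"EXAMPLE-WORM-MARKER"; nocase; \
    classtype:trojan-activity; \
    sid:1000001; rev:1; )

# Rule 2: a behavioural match that helps identify infected hosts.
# Alert when one internal host sends 20 or more TCP SYNs to port 445
# within 60 seconds. The alert names the source address, so the output
# points at the computer doing the scanning; detection_filter keeps the
# first 19 SYNs quiet so a single connection attempt does not alert.
alert tcp $HOME_NET any -> any 445 ( \
    msg:"LOCAL constructed example - possible worm propagation, SYN burst to 445"; \
    flags:S; flow:stateless; \
    detection_filter:track by_src, count 20, seconds 60; \
    classtype:trojan-activity; \
    sid:1000002; rev:1; )
```

Put the rules in a file such as local.rules that snort.conf includes, then run Snort in intrusion-detection mode with -c snort.conf; the sniffer and packet-logging modes correspond to -v and -l <directory>.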
One of the more useful tools in your security arsenal, the tcpdump command allows you to dump network traffic in the form of the headers of packets. You can select headers using Boolean expressions, collect packets from a particular interface, and use a variety of other options. You can display the packet headers on the console or log them to a file for later review. Most Linux systems come with the tcpdump command, or you can find it at http://www.tcpdump.org/.