Networking tools

Get netcat to replace telnet.

Perl Module Installation

To install the Net::SNMP module and all of it's dependencies directly from the Comprehensive Perl Archive Network (CPAN) execute the command:

sudo aptitude install lynx
sudo aptitude install ncftp
sudo perl -MCPAN -e "install Net::SNMP"

The Net::SNMP module can also be installed using the distribution file downloaded from CPAN. After unpacking the file, while in the top level directory of the distribution, create a makefile by running Perl against Makefile.PL and then run make:

perl Makefile.PL
make
make test
sudo make install

Install Perl modules for CSV2Ledger

Use the cpan script:

sudo cpan YAML sudo cpan Text::CSV

Remote Access

Remote Desktop Connection

Remote maintenance of a Windows server can be easy, using rdesktop and its GTK front-end tsclient.

sudo aptitude install rdesktop tsclient

http://en.wikipedia.org/wiki/Image:Tsclient_screenshot.png

SSH

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator.

Download at least:

  • PuTTY (the Telnet and SSH client itself) and
  • Plink (a command-line interface to the PuTTY back ends).

WinSSHD is an SSH, SFTP and SCP server for Windows. It is robust, easy to install, easy to use, and works well with a variety of SSH clients, including Tunnelier, OpenSSH, and PuTTY. WinSSHD is developed and supported professionally by Bitvise.

SSH Filesystem

SSHFS is a filesystem client based on the SSH File Transfer Protocol, allowing one to mount remote directories.

sudo aptitude install sshfs

Since most SSH servers already support this protocol it is very easy to set up: i.e., on the server side, there's nothing to do.

On the client side, mounting the filesystem is as easy as logging into the server with ssh:

sshfs user@host:/dir /mnt/<mountpoint>

But, before that:

# add my user to the "fuse" group (to allow more than one user access)
sudo adduser $USER fuse

# change the group of "/dev/fuse" to "fuse"
sudo chgrp fuse /dev/fuse

# set "fusermount" for execute for all (so that you can mount as a normal user)
sudo chmod +x /bin/fusermount

Then, log out (not just the terminal, out of X too) before trying to mount a filesystem, and make a mountpoint directory on your machine before mounting the remote filesystem:

mkdir /mnt/<mountpoint>

To unmount, you will have to use this:

fusermount -u /mnt/<mountpoint>

Footprinting

Traceroute

sudo aptitude install traceroute

SNMP Walk

sudo aptitude install snmp

Getif

Getif (Windows) is a free multi-functional network tool which is, amongst other things, an excellent SNMP utility that allows you to collect and graph information from SNMP devices.

Nmap

sudo aptitude install nmap nmapfe

ArpWatch

Analyzer

Have a (deep) look at "Hack Proofing Your Network".

Wireshark

Wireshark (ex-Ethereal) (Linux, Windows) is a network protocol analyzer.

sudo aptitude install wireshark

Ngrep

sudo aptitude install ngrep
sudo ngrep -Wbyline port 119
ngrep -Wbyline host your.imap.server

Dsniff

dsniff is a collection of tools for network auditing and penetration testing.

sudo aptitude install dsniff

dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).

arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching).

sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

Ettercap

sudo aptitude install ettercap

Sniffit!

sudo aptitude install sniffit

Intrusion Detection System

Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.

sudo aptitude install snort snort-common snort-common-libraries
sudo aptitude install snort-doc oink-master

Wireless

Wicrawl

For Ubuntu, as described in doc/BUILDING:

sudo aptitude install libpcap0.8-dev libxml-smart-perl libgtk2-perl libssl-dev

Then:

make
make -n install   # test install run
sudo make install

http://midnightresearch.com/local/images/wicrawl-ss.jpg

Kismet

sudo aptitude install kismet

Edit (as root) the file /etc/kismet/kismet.conf, and change the source string to something like (in my case):

source=ipw2200,eth1,Intel
  • If you don't know your relevant network driver, view the Kismet Readme and scroll down to the section "12. Capture Sources". My driver is ipw2200.
  • If you don't know your wireless interface name, use iwconfig to find it. Mine is eth1.

Install the Festival speech system.

Edit (as root) /etc/kismet/kismet_ui.conf:

speech=true

Run Kismet as root:

sudo kismet

http://www.kismetwireless.net/screenshot/main.gif

Wlassistant

Measurement Tools

Bing

Bing is a point-to-point bandwidth tester based on ping.

sudo aptitude install bing

PChar