Linux Network Monitoring Tools
Wireshark is a tool for network monitoring. Network administrators use Wireshark to capture and analyze network performance.
Uses of Wireshark:
- Network analyzer
- Capture data packets on the network
- Can capture a host's IP address, hostname, TCP and other details via Wireshark filters
- Can be used as a forensic tool, because Wireshark is like a double-edged sword
- Can be used from the command line, e.g. tshark
EtherApe is a GUI tool for monitoring networks. EtherApe displays network traffic graphically. In the Capture menu you can choose the interface you want to use, such as wlan0, eth0 or lo0 (loopback). EtherApe is a better monitoring tool because it can capture live traffic or read it from tcpdump. The interface can also be refined using a network filter with pcap syntax.
Ethtool is a text-based, CLI (command line interface) tool that is already included in Kali Linux. Ethtool is used to display and monitor some parameters of the network interface. It can also be used to diagnose Ethernet devices or interfaces and get more statistics from the devices.
Nmap is a tool for scanning a network to find vulnerabilities in network systems. Nmap also lets you scan a server for open ports and detect which OS it runs. It can be used for SQL injection vulnerabilities, network discovery and other purposes related to penetration testing.
Nmap has two interfaces. The first is a GUI (Graphical User Interface) named Zenmap. The second is a CLI (Command Line Interface).
Traceroute is a CLI tool that displays the route a packet takes to reach its destination, or confirms that the packet reaches its destination.
Ngrep is a packet sniffer used for analysis. It is easier to use and gives more concise output compared with tcpdump or tcpshow.
It is pcap-aware and allows you to specify extended regular or hexadecimal expressions to match against packets of.
Bmon stands for Bandwidth Monitoring. Bmon is a tool that captures network-related statistics and displays bandwidth use on the network. You can also interact with bmon through curses or through scripting.
Netstat is a built-in tool that displays TCP network connections, routing tables and a number of network interfaces. It’s used to find problems in the network.
However, it is preferable to use ss instead of netstat. The ss command can show more information than netstat and is actually faster. If you want summary statistics you can use the command
Tcpdump outputs a description of the contents of each packet it captures that matches the expression you provided in the command. You can also save this data for further analysis.
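The ngrep and tcpdump descriptions above both come down to matching an expression against captured packets. As an added example (not from the original post), this Python code reads a saved capture in the classic pcap file format and applies a regular or hexadecimal expression to each TCP/UDP payload; the function names and the sample traffic are constructed for illustration.

```python
import re
import socket
import struct

def make_packet(src, dst, sport, dport, payload, tcp=False):
    """Constructed Ethernet/IPv4 frame; checksums are 0 since nothing here verifies them."""
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) if tcp
          else struct.pack("!HHHH", sport, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     6 if tcp else 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4 + payload

def make_pcap(frames):
    """Serialize frames as a little-endian pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def grep_pcap(data, pattern):
    """Return (src, dst, sport, dport) for each TCP/UDP payload the bytes regex matches."""
    magic, linktype = struct.unpack_from("<I16xI", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap file")
    rx, hits, off = re.compile(pattern), [], 24
    while off + 16 <= len(data):
        caplen, = struct.unpack_from("<8xI", data, off)    # captured length of this record
        frame = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                       # not IPv4, or truncated
        l4 = 14 + (frame[14] & 0x0F) * 4                   # IP header length from IHL
        end = 14 + struct.unpack_from("!H", frame, 16)[0]  # IP total length drops padding
        if frame[23] == 6 and len(frame) >= l4 + 20:       # TCP: length from data offset
            hdr = (frame[l4 + 12] >> 4) * 4
        elif frame[23] == 17 and len(frame) >= l4 + 8:     # UDP: fixed 8-byte header
            hdr = 8
        else:
            continue
        sport, dport = struct.unpack_from("!HH", frame, l4)
        if rx.search(frame[l4 + hdr:end]):
            hits.append((socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport))
    return hits

# Constructed sample traffic using documentation addresses (not a real capture).
SAMPLE = make_pcap([
    make_packet("192.0.2.10", "192.0.2.80", 40000, 80, b"GET /index.html HTTP/1.1\r\n", tcp=True),
    make_packet("192.0.2.11", "192.0.2.53", 40001, 53, b"\x12\x34\x01\x00example"),
    make_packet("192.0.2.12", "192.0.2.21", 40002, 21, b"USER alice\r\n", tcp=True),
])
```

Calling `grep_pcap(SAMPLE, rb"^USER ")` flags the cleartext FTP login, and a hexadecimal expression such as `rb"\x12\x34"` matches the UDP payload by its raw bytes.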
Thanks, hopefully this is useful.