Sources for Tools

This section gives basic information on each tool discussed in this tutorial. I have not included built-in tools like ps. The tools are listed alphabetically. I have tried to make a note of which tools are specific to Windows, but I did not list Windows tools separately, since many tools are available for both Unix and Windows. A few tools discussed in the tutorial, particularly older tools, seem to have no real home but may be available in some archives. This is generally an indication that the tool is fading into oblivion and should be used as a last alternative. (Some of these tools, however, are alive and well as Linux packages or FreeBSD ports.) While I was writing this tutorial, a number of home pages for tools changed. Also, several of the sites seem to be down more than they are up. I have supplied the most recent information I have, but many of the tools will have moved.

TIP: These URLs are nothing more than starting points. If you can't find the tool at the URL given here, consider doing an Internet search. In fact, I really recommend doing your own search over using this list. I find that I have the most luck with searches if I do a compound search with the tool's name and the author's last name.

WARNING: That one version of a tool is safe, stable, and useful doesn't mean the next version won't have severe problems. New programs are introduced on an almost daily basis. So keep your eyes open.

Analyzer -- Piero Viano
This is a protocol analyzer for Windows. (Directions are available only in Italian.) http://netgroup-serv.polito.it/analyzer/
argus -- Carter Bullard
This is a generic IP network transaction auditing tool. ftp://ftp.sei.cmu.edu/pub/argus-1.5
arping -- marvin@nss.nu
This ping-like program uses ARP requests to check reachability. http://synscan.nss.nu/programs.php
arpwatch-- Lawrence Berkeley National Laboratory
This tool watches for new or changed MAC addresses. ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
AWACS-- Georg Greve
This is log management software currently under development. http://www.gnu.org/software/awacs/awacs.html
bb-- BB4 Technologies, Inc.
This is web-based monitoring software. http://www.bb4.com/
bind-- University of California at Berkeley and the Internet Software Consortium
This is the Berkeley Internet Name Daemon, i.e., domain name server software. It includes a number of testing tools. http://www.isc.org/products/BIND/
bing-- Pierre Beyssac
This tool measures point-to-point bandwidth. http://www.freenix.fr/freenix/logiciels/bing.html
bluebird-- Shane O'Donnell et al.
This is a general network management applications framework. http://www.opennms.org/
bprobe and cprobe
These tools measure the bandwidth at the slowest link on a path. ftp://cs-www.bu.edu/carter/probes.tar.Z
cheops-- Mark Spencer
This is a Linux-based network management platform. http://www.marko.net/cheops/
Chesapeake port scanner -- Mentor Technologies
This is a simple port scanner for Windows. http://www.mentortech.com/learn/tools/pscan.shtml
clink-- Allen Downey
This is another pathchar variant, a tool for measuring the bandwidth of links on a path. http://www.cs.colby.edu/~downey/clink/
CMU SNMP -- Carnegie Mellon University
This set of SNMP tools has largely been superseded by NET SNMP. They are still commonly available for Linux. http://www.gaertner.de/snmp/
cpm-- CERT at Carnegie Mellon University
This tool checks to see if any interfaces are in promiscuous mode. ftp://info.cert.org/pub/tools/cpm.tar.Z
cricket-- Jeff Allen
This tool queries devices, collecting information over time, typically router traffic, and graphs the collected information. http://cricket.sourceforge.net/
cyberkit-- Luc Neijens
This multipurpose Windows-based tool includes ping, traceroute, scanning, and SNMP. It is postcardware. http://www.cyberkit.net
dig
Part of the bind distribution. This tool retrieves domain name information from a server.
dnsquery
Part of the bind distribution. This tool retrieves domain name information from a server.
dnsutl-- Peter Miller
This is a tool to simplify DNS configuration. http://www.pcug.org.au/~millerp/dnsutl/dnsutl.html
dnswalk-- David Barr
This tool retrieves and analyzes domain name information from a server. http://www.cis.ohio-state.edu/~barr/dnswalk/
doc-- Steve Hotz, Paul Mockapetris, and Brad Knowles
This tool retrieves and analyzes domain name information from a server.
dsniff -- Dug Song
This is a set of utilities that can be used to test or breach the security on your system. http://naughty.monkey.org/~dugsong/dsniff/
echoping-- St�phane Bortzmeyer
This is an alternative to ping that uses protocols other than ICMP. ftp://ftp.internatif.org/pub/unix/echoping/
egressor -- Mitre
This tool set verifies that your router will not forward packets with spoofed addresses. http://www.packetfactory.net/Projects/Egressor/
ethereal-- Gerald Combs et al.
This is a protocol analyzer that runs under X Window and Windows. It requires GTK+, which in turn requires GLIB. http://www.ethereal.com
fping-- Roland J. Schemers
This is a ping variant that can check multiple systems in parallel. http://www.fping.com
fressh-- FreSSH Organization
This is another alternative to ssh. http://www.fressh.org/
getif-- Philippe Simonet
This is a multipurpose Windows tool that uses SNMP. http://www.wtcs.org/snmp4tpc/testing.htm
gimp
This is an image manipulation program. It is also available for Windows. http://www.gimp.org/
GTK+ -- Peter Mattis, Spencer Kimball, and Josh MacDonald
This is a GUI development toolkit. Its libraries may be needed by other tools. http://www.gtk.org/
gtkportscan-- Rafael Barrero
This is a port scanner that is written in GTK+. The last reported site was http://armageddon.splorg.org/gtkportscan/.
GxSNMP
This is a network management applications framework. http://www.gxsnmp.org/
h2n
This Perl tool translates a host table to name server file format. ftp://ftp.uu.net/published/anonymous/nutshell/dnsbind/dns.tar.Z
host
Part of the bind distribution. This tool retrieves domain name information from a server.
hping
Salvatore Sanfilippo. This tool sends custom packets and displays responses. http://www.kyuzz.org/antirez/software.html
iperf -- Mark Gates and Alex Warshavsky
This is a tool for measuring TCP and UDP bandwidth. http://dast.nlanr.net/Projects/Iperf/
ipfilter-- Darren Reed
This is a set of programs to filter TCP/IP packets. It includes ipsend, a tool to send custom packets. http://coombs.anu.edu.au/~avalon/ip-filter.html
ipload-- BTT Software
This is a load generator for Windows. http://www.bttsoftware.co.uk/ipload.html
ipsend-- Darren Reed
This tool is part of the ipfilter package. http://coombs.anu.edu.au/~avalon/ip-filter.html
lamers-- Bryan Beecher
This tool checks for lame delegations in a DNS database. Its current official location is unknown. The last reported official site: ftp://terminator.cc.umich.edu/dns/lame-delegations. I found links to copies at http://www.dns.net/dnsrd/tools.html.
logcheck-- Craig Rowland
This log management tool is suitable for use with syslog files. http://www.psionic.com/abacus/logcheck/
lsof-- Victor Abell
This tool lists open files on a Unix system. ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
MGEN-- Brian Adamson and Naval Research Laboratory
This tool set generates and receives traffic. It is used primarily for load testing. http://manimac.itd.nrl.navy.mil/MGEN/
mon-- Jim Trocki
This is a general purpose resource-monitoring system for host and service availability. http://www.kernel.org/software/mon/
mrtg-- Tobias Oetiker and Dave Rand
This tool queries devices, collects information over time (typically router traffic) and graphs collected information. http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/
mssh-- Metro State College of Denver
This is a version of ssh for Windows. http://cs.mscd.edu/MSSH/index.html
msyslog-- Core SDI
This is modular syslog, a replacement for secure syslog. http://www.core-sdi.com/english/freesoft.html
nam-- Steven McCanne and VINT
This is a Tcl/Tk-based network visualization and animation tool. http://www.isi.edu/nsnam/nam/
nemesis-- obecian@celerity.bartoli.org
This tool generates a wide variety of custom IP packets. http://www.packetninja.net/nemesis/
nessus-- Jordan Hrycij and Renaud Deraison
This is a security scanning and auditing tool. http://www.nessus.org/
NET SNMP-- Wes Hardaker
This is an updated version of CMU SNMP. It is postcardware. http://net-snmp.sourceforge.net/
netcat-- hobbit@avian.org
This simple utility reads and writes data across network connections. It is available for both Unix and Windows. http://www.l0pht.com/~weld/netcat/
netmon
Supplied with Microsoft NT Server. This is network-monitoring software. A basic, stripped-down version of the netmon.exe program is supplied with Microsoft NT Server. The full version is part of Microsoft's System Management Server.
netperf-- Hewlett-Packard
This is network benchmarking and performance measurement software. http://www.netperf.org/netperf/NetperfPage.html
nfswatch-- Dave Curry and Jeff Mogul
This is a tool for watching NFS traffic. The last known site was ftp://ftp.cerias/purdue.edu/pub/tools/unix/netutils/nfswatch/.
nhfsstone-- Legato Systems
This is a tool for benchmarking NFS traffic. Current availability is unknown, but it was originally from http://www.legato.com.
NIST Net-- National Institute of Standards and Technology
This is a network emulation package that runs on Linux. http://is2.antd.nist.gov/itg/nistnet/
nmap-- fyodor@dhp.com
This is a general scanning and probing tool with lots of functionality including OS fingerprinting. http://www.insecure.org/nmap
nocol-- Netplex Technologies, Inc.
This is system- and network-monitoring software. http://www.netplex-tech.com/software/nocol/
ns-- Steven McCanne, Sally Floyd, and VINT
This is a network simulator for protocol performance and scaling. http://www.isi.edu/nsnam/ns/
nslookup
Part of the bind distribution. This tool retrieves domain name information from a server.
ntop-- Luca Deri
This is a versatile tool for monitoring network usage. http://www.ntop.org/ntop.html
ntpd-- David Mills
This is a collection of tools to set and coordinate system clocks using NTP. http://www.eecis.udel.edu/~ntp/
openssh
This is another version of ssh. http://www.openssh.com/
p0f-- Michal Zalewski
This is a passive stack fingerprinting system http://lcamtuf.hack.pl/p0f-1.7.tgz
pathchar-- Van Jacobson
This program measures the bandwidth of the links along a network path. ftp://ftp.ee.lbl.gov/ or http://ee.lbl.gov/
pchar-- Bruce Mah
This tool is a reimplementation of pathchar. http://www.employees.org/~bmah/Software/pchar/
portscan-- Tennessee Carmel-Veilleux
This is a simple port scanner. http://www.ameth.org/~veilleux/portscan.html
putty-- Simon Tatham
This is a Windows implementation of ssh. http://www.chiark.greenend.org.uk/~sgtatham/putty/
Qcheck-- Ganymede
This is a Windows network benchmarking tool. http://www.qcheck.net
queso-- savage@apostols.org
This is an OS fingerprinting tool. http://savage.apostols.org/projects.html
ripquery
Part of the gated distribution. This tool retrieves the routing table from a system running RIP. http://www.gated.org/
rrd-- Tobias Oetiker
This is a round-robin database system useful for collecting and archiving data over time. http://ee-staff.ethz.ch/~oetiker/webtools/rrdtool/
rtquery
Part of the routed distribution. This is a tool for retrieving the routing table from a system running RIP.
samspade-- Steve Atkins
This is a multipurpose Windows tool with a wide range of features. http://samspade.org/ssw/
Sanitize-- Vern Paxson
This is a set of Bourne scripts that use the standard Unix utilities sed and awk. It is used to clean up tcpdump traces to ensure privacy. http://ita.ee.lbl.gov/html/contrib/sanitize.html
scion-- Merit Networks, Inc.
This is network statistics collection and reporting software (also called NetSCARF.) It is also available for Windows. http://www.merit.edu/internet/net-research/netscarf/
scotty-- Jürgen Schönwälder
This provides network management extension to the Tcl/Tk language. http://wwwhome.cs.utwente.nl/~schoenw/scotty/
SFS -- SPEC
This is a commercial (but nonprofit) NFS benchmark. http://www.spec.org
siphon-- Subterrain Security Group
This is a passive OS fingerprinter. The last known site was http://www.subterrain.net/projects/siphon/.
sl4nt-- Franz Krainer
This is a Windows replacement for syslogd. http://www.netal.com/SL4NT03.htm
SNMP for Perl 5-- Simon Leinen
This is a package of Perl 5 modules providing SNMP support. http://www.switch.ch/misc/leinen/snmp/perl/
sock-- W. Richard Stevens
This is a tool for generating traffic. It is a companion tool for Steven's tutorial, TCP/IP Illustrated, vol. 1, The Protocols. ftp://ftp.uu.net/published/tutorials/stevens.tcpipiv1.tar.Z
socket-- Juergen Nickelsen
This program creates a TCP socket connected to stdin and stdout. http://home.snafu.de/jn/socket/
spidermap-- H. D. Moore
This is a set of Perl scripts for network scanning. http://www.secureaustin.com
spray
This tool sends a burst of packets for load testing typically included with many systems.
ssh-- Tatu Ylönen
This is a secure replacement for r-services. http://www.ssh.com/
ssyslog-- Core SDI
This is a secure replacement for syslog. It has been replaced by modular syslog. http://www.core-sdi.com/english/freesoft.html
strobe-- Julian Assange
This program locates all listening TCP ports on a remote machine. The last known official site was ftp://suburbia.net/pub/strobe.tgz.
swatch-- Todd Atkins
This log management tool is suitable for use with syslog files. http://www.stanford.edu/~atkins/swatch/
syslog-ng -- BalaBit IT Ltd.
This is an enhanced syslog that features filtering and sorting logs to different destinations. http://www.balabit.hu/en/products/syslog-ng/
Tcl/Tk-- John Ousterhout
This is a general scripting language that has been extended to support many network management tasks. http://dev.scriptics.com
tcpdpriv-- Greg Minshall
This program sanitizes tcpdump trace files. http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html
tcpdump-- Van Jacobson, Craig Leres, and Steven McCanne
This is command-line-based packet capture program. http://ee.lbl.gov/, http://www.tcpdump.org, or ftp://ftp.ee.lbl.gov/tcpdump.tar.Z
tcpflow-- Jeremy Elson
This is a capture program that separates traffic into individual flows.http://www.circlemud.org/~jelson/software/tcpflow
tcp-reduce-- Vern Paxson
The program tcp-reduce and its companion program tcp-summary are Bourne shell scripts used to selectively extract information from tcpdump trace files. http://ita.ee.lbl.gov/html/contrib/tcp-reduce.html
tcpshow -- Mike Ryan
This program reads and decodes tcpdump files. The official home for this is unknown, but it is available in several archives such as http://www.cerias.purdue.edu/coast/archive/.
tcpslice-- Vern Paxson
This tool is used to create subsets of tcpdump trace files. ftp://ftp.ee.lbl.gov/tcpslice.tar.Z or http://www.tcpdump.org/related.html
tcp-summary-- Vern Paxson
The program tcp-reduce and its companion program tcp-reduce are Bourne shell scripts used to selectively extract information from tcpdump trace files. http://ita.ee.lbl.gov/html/contrib/tcp-reduce.html
tcptrace -- Shawn Ostermann
This is a tcpdump trace analysis program. http://www.tcptrace.org
tcpwrappers-- Wietse Venema
This daemon sits between user and services to log and manage connections. ftp://ftp.porcupine.org/pub/security/index.html
teraterm-- T. Teranishi
This is a Windows telnet client that can be extended to support SSH. (See also TTSSH.) http://hp.vector.co.jp/authors/VA002416/teraterm.html
tjping -- Top Jimmy
This is a ping and traceroute program for Windows. http://www.topjimmy.net/tjs/
tkined-- Jürgen Schönwälder
This provides a network management program based on scotty and Tcl/Tk. http://wwwhome.cs.utwente.nl/~schoenw/scotty/
tmetric-- Michael Bacarella
This tool finds available bandwidth. http://netgraft.com/downloads/tmetric/
top -- William LeFebvre
This displays the most active processes on a system. http://www.groupsys.com/top/about.html
traceroute-- Van Jacobson
This reconstructs the route taken by packets over a network. It is probably supplied with your system. ftp://ftp.ee.lbl.gov/ or http://ee.lbl.gov/
trafshow-- Vladimir Vorobyev
This full screen traffic capture program gives a continuous update on network traffic. Its last reported site was http://www.rinetsoft.nsk.su/trafshow/index_en.html.
trayping-- Mike Gleason
This is a Windows tool that monitors connectivity using ping. http://www.ncftpd.com/winstuff/trayping/
treno -- Matt Mathis
This is a tool to measure the bulk transfer capacity. ftp://ftp.psc.edu/pub/net_tools/
tripwire -- Eugene Spafford and Gene Kim
This is a system integrity checker. http://www.tripwire.com or http://www.tripwire.org
ttcp-- Mike Muuss
This is a load testing program for TCP. ftp://ftp.arl.mil/pub/ttcp/ttcp.c
TTSSH
This is a set of SSH extensions for Windows telnet program, teraterm. http://www.zip.com.au/~roca/ttssh.html
vnc-- AT&T Laboratories, Cambridge
This tool displays X Window and Windows desktops on remote systems. http://www.uk.research.att.com/vnc/
WinDump and WinDump95 -- Loris Degioanni, Piero Viano, and Fulvio Risso
These are ports oftcpdump to Windows/98. http://netgroup-serv.polito.it/windump/
winping-- Rich Morgan
This is another ping utility for Windows. http://www.cheap-price.com/winping/
xinetd-- Panos Tsirigotis
This is a secure replacement for the inetd utility. http://www.synack.net/xinetd/
xlogmaster-- Georg Greve
This is Greve's older log management software. You may want to check on the status of AWACS before using it. http://www.gnu.org/software/xlogmaster/
xplot-- David Clark
A tool for graphing data in an X Window environment. There are several programs with this name, so be sure you have the right one. ftp://mercury.lcs.mit.edu/pub/shep/
xv-- John Bradley
This is a modestly priced shareware program for the interactive display of images from an X Window system. You should probably try gimp first. ftp://ftp.cis.upenn.edu/pub/xv