
5 Linux Network Monitoring Tools - page 2


  • November 4, 2010
  • By Paul Ferrill

Nmap

Nmap is a widely used security scanner originally released in 1997. It sends a variety of specially crafted packets to probe a network for any number of purposes, including building a map of live IP addresses, determining the operating system of a specific target address and probing a range of ports at a specific address. One of the most basic tasks is a ping sweep, a series of ping probes that determines which addresses have computers attached to them. This can be accomplished with the following command:

$ nmap -sP 192.168.1.1-255

There are a number of graphical applications available from the Ubuntu Software Center that use nmap as the engine and then display the results in a more user-friendly way. These include NmapSI4, which uses a Qt4 interface, and Zenmap.

Tcpdump

Capturing network traffic for further analysis is the primary function of tcpdump. The packet capture itself is performed by libpcap, while tcpdump handles the presentation and analysis. Raw Ethernet data is stored in the pcap file format for further examination. This same file format is used by other packet analysis tools such as Wireshark.

A typical tcpdump command to capture basic traffic would be:

$ sudo tcpdump -nS

The sudo is required to gain access to the default Ethernet device. The -n flag suppresses name resolution and -S prints absolute TCP sequence numbers. This command displays basic information for each packet, including the time, source and destination addresses and packet type, and keeps writing to the terminal until you press Ctrl-C. Tcpdump is the best and fastest way to capture network traffic to a file. A typical command to accomplish this would be:

$ sudo tcpdump -s 0 -w pktfile.pcap
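As an added illustration that is not part of the original article, the following Python code writes and reads the classic pcap format that tcpdump and Wireshark share, reporting the same time, source, destination and protocol fields tcpdump prints, and flagging records whose captured length is shorter than the original length, which is the symptom of a snaplen (-s) set too small. The frame builder, addresses and timestamps are constructed for this example.

```python
import struct
from datetime import datetime, timezone

PCAP_MAGIC_LE = 0xA1B2C3D4  # microsecond-resolution pcap written on a little-endian host

def ipv4_packet(src, dst, proto, payload):
    """Build an Ethernet II frame carrying a minimal IPv4 header (constructed sample)."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("001122334455") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + payload

def pcap_bytes(packets, snaplen):
    """Serialise frames as a classic pcap file, truncating each record to snaplen
    the way tcpdump -s does (constructed timestamps, linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(packets):
        captured = frame[:snaplen]
        out += struct.pack("<IIII", 1288000000 + i, 0, len(captured), len(frame)) + captured
    return out

def parse_pcap(data):
    """Walk the file and return one summary dict per record, similar to a tcpdump -n line."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == PCAP_MAGIC_LE else ">"
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    records, off = [], 24
    while off < len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        rec = {"time": datetime.fromtimestamp(ts_sec, timezone.utc).isoformat(),
               "truncated": incl < orig}  # True when snaplen cut the packet short
        # EtherType 0x0800 = IPv4; addresses sit at fixed offsets in the minimal header
        if frame[12:14] == b"\x08\x00" and len(frame) >= 34:
            rec["src"] = ".".join(map(str, frame[26:30]))
            rec["dst"] = ".".join(map(str, frame[30:34]))
            rec["proto"] = frame[23]
        records.append(rec)
    return records
```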


Wireshark

Wireshark, formerly known as Ethereal, has become the tool of choice for many, if not most, network professionals. (Ubuntu users will find it in the Ubuntu Software Center under the Internet tab.) As with some of the other tools, we had to launch Wireshark from the command line using sudo to get it to see the available Ethernet devices. Once launched you should see a list of available interfaces on the left-hand side of the main window. Selecting one of the available interfaces or the virtual interface that collects packets from all Ethernet devices will bring up the protocol display page.


Wireshark provides a wealth of information about the captured traffic, along with tools to filter and display packets based on any number of criteria, including source or destination address, protocol or error status. The Wireshark homepage has links to video tutorials, white papers and sample captures to help get you started in network sleuthing.

Summary

Linux is an ideal platform to learn network troubleshooting techniques. It offers a wide array of command line and GUI tools to analyze and visualize your network traffic.
