Tutorial, Internet, Hardware, Software, Os, Linux, Android, Security, Mikrotik

03 August, 2009

Tools jaringan di Debian

We are going to see some of the network monitoring and network traffic related tools available in Debian
BWM - BandWidth Monitor
This is a very tiny bandwidth monitor (not X11). Can monitor up to 16 interfaces in the in the same time, and shows totals too.
Installing BWM in debian
#apt-get install bwm
This will complete the installation and if you want to see your network interfaces run the following command
#bwm
Output looks like below
Bandwidth Monitor 1.1.0
Iface RX(KB/sec) TX(KB/sec) Total(KB/sec)
lo 0.000 0.000 0.000
eth0 0.327 0.326 0.653
eth1 0.000 0.000 0.000
Total 0.327 0.326 0.653
Hit CTRL-C to end this madness.
If you want more options check bwm man page
Cutter - disconnect routed IP connections
Cutter will send packets to both ends of a tcp/ip connection to close the connection. It is designed to be used on a Linux router to disconnect unwanted connections.
Install Cutter in Debian
#apt-get install cutter
Reading package lists… Done
Building dependency tree… Done
The following NEW packages will be installed
cutter
0 upgraded, 1 newly installed, 0 to remove and 12 not upgraded.
Need to get 10.2kB of archives.
After unpacking 65.5kB of additional disk space will be used.
Get: 1 http://mirror.ox.ac.uk stable/main cutter 1.02-1 [10.2kB]
Fetched 10.2kB in 0s (68.3kB/s)
Selecting previously deselected package cutter.
(Reading database … 41195 files and directories currently installed.)
Unpacking cutter (from …/cutter_1.02-1_i386.deb) …
Setting up cutter (1.02-1) …
This will completes the installation.
Cutter usage
usage: cutter ip [ port [ ip [ port ] ] ]
Example :- cutter 200.1.2.3 22 10.10.0.45 32451
If you want more options and how to use check cutter man page
doscan - port scanner for discovering services on large networks
doscan is a tool to discover TCP services on your network. It is designed for scanning a single ports on a large network. doscan contacts many hosts in parallel, using standard TCP sockets provided by the operating system. It is possible to send strings to remote hosts, and collect the banners they return.
There are better tools for scanning many ports on a small set of hosts, for example nmap.
Install doscan in debian
#apt-get install doscan
Reading package lists… Done
Building dependency tree… Done
The following NEW packages will be installed
doscan
0 upgraded, 1 newly installed, 0 to remove and 12 not upgraded.
Need to get 52.8kB of archives.
After unpacking 172kB of additional disk space will be used.
Get: 1 http://mirror.ox.ac.uk stable/main doscan 0.3.0-1 [52.8kB]
Fetched 52.8kB in 0s (253kB/s)
Selecting previously deselected package doscan.
(Reading database … 41201 files and directories currently installed.)
Unpacking doscan (from …/doscan_0.3.0-1_i386.deb) …
Setting up doscan (0.3.0-1) …
This will completes the installation.
if you want to use doscan here is the examples
#doscan –banner 100 –port 13 192.0.2.1
Prints the time on the host 192.0.2.1 (if it runs a daytime server).
#doscan –banner 100 –receive ‘(.*)\n$’ –port 22 192.0.2.0/24
Scan for SSH servers and record the banners (usually containing version information about the SSH server).
#doscan –banner 200 –receive ‘(.*?)\r?\n$’ –port 25 192.0.2.0/24
Scan for SMTP servers and record their greeting messages. Works for FTP as well, with –port 21 instead of –port 25.
If you want more options and how to use check dosscan man page
dsniff - Various tools to sniff network traffic for cleartext insecurities
This package contains several tools to listen to and create network traffic:
* arpspoof - Send out unrequested (and possibly forged) arp replies.
* dnsspoof - forge replies to arbitrary DNS address / pointer queries
on the Local Area Network.
* dsniff - password sniffer for several protocols.
* filesnarf - saves selected files sniffed from NFS traffic.
* macof - flood the local network with random MAC addresses.
* mailsnarf - sniffs mail on the LAN and stores it in mbox format.
* msgsnarf - record selected messages from different Instant Messengers.
* sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
* sshow - SSH traffic analyser
* tcpkill - kills specified in-progress TCP connections.
* tcpnice - slow down specified TCP connections via “active”
traffic shaping.
* urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
* webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies.
* webspy - sends URLs sniffed from a client to your local browser.
Install dsniff in debian
#apt-get install dsniff
Reading package lists… Done
Building dependency tree… Done
The following extra packages will be installed:
libnet0 libnet1 libnids1 libpcap0.8
The following NEW packages will be installed
dsniff libnet0 libnet1 libnids1 libpcap0.8
0 upgraded, 5 newly installed, 0 to remove and 12 not upgraded.
Need to get 288kB of archives.
After unpacking 885kB of additional disk space will be used.
Get: 1 http://mirror.ox.ac.uk stable/main libnet1 1.1.2.1-2 [50.5kB]
Get: 2 http://mirror.ox.ac.uk stable/main libpcap0.8 0.8.3-5 [81.8kB]
Get: 3 http://mirror.ox.ac.uk stable/main libnids1 1.20-1 [21.7kB]
Get: 4 http://mirror.ox.ac.uk stable/main libnet0 1.0.2a-7 [20.9kB]
Get: 5 http://mirror.ox.ac.uk stable/main dsniff 2.4b1-9 [113kB]
Fetched 288kB in 0s (456kB/s)
Selecting previously deselected package libnet1.
(Reading database … 41210 files and directories currently installed.)
Unpacking libnet1 (from …/libnet1_1.1.2.1-2_i386.deb) …
Selecting previously deselected package libpcap0.8.
Unpacking libpcap0.8 (from …/libpcap0.8_0.8.3-5_i386.deb) …
Selecting previously deselected package libnids1.
Unpacking libnids1 (from …/libnids1_1.20-1_i386.deb) …
Selecting previously deselected package libnet0.
Unpacking libnet0 (from …/libnet0_1.0.2a-7_i386.deb) …
Selecting previously deselected package dsniff.
Unpacking dsniff (from …/dsniff_2.4b1-9_i386.deb) …
Setting up libnet1 (1.1.2.1-2) …
Setting up libpcap0.8 (0.8.3-5) …
Setting up libnids1 (1.20-1) …
Setting up libnet0 (1.0.2a-7) …
Setting up dsniff (2.4b1-9) …
this will complete the installation
If you want to know how to use and more options check dsniff man page
ethereal - network traffic analyzer
Ethereal is a network traffic analyzer, or “sniffer”, for Unix and Unix-like operating systems. A sniffer is a tool used to capture packets off the wire. Ethereal decodes numerous protocols (too many to list).
This package provides ethereal (the GTK+ version)
Install ethereal in Debian
#apt-get install ethereal
Reading package lists… Done
Building dependency tree… Done
The following extra packages will be installed:
ethereal-common libadns1 libatk1.0-0 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libpango1.0-0 libpango1.0-common libxcursor1
Suggested packages:
ttf-kochi-gothic ttf-kochi-mincho ttf-thryomanes ttf-baekmuk ttf-arphic-gbsn00lp ttf-arphic-bsmi00lp ttf-arphic-gkai00mp ttf-arphic-bkai00mp
Recommended packages:
gksu libadns1-bin libatk1.0-data hicolor-icon-theme x-ttcidfont-conf
The following NEW packages will be installed
ethereal ethereal-common libadns1 libatk1.0-0 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libpango1.0-0 libpango1.0-common libxcursor1
0 upgraded, 10 newly installed, 0 to remove and 12 not upgraded.
Need to get 10.5MB of archives.
After unpacking 35.1MB of additional disk space will be used.
Do you want to continue [Y/n]?y
this will complete the installation
This is completely GTK interface program you can easily operate
etherwake - A little tool to send magic Wake-on-LAN packets
You can wake up WOL compliant Computers which have been powered down to sleep mode or start WOL compliant Computers with a BIOS feature.
WOL is an abbreviation for Wake-on-LAN. It is a standard that allows you to turn on a computer from another location over a network connection.
etherwake also supports WOL passwords.
Install etherwake in Debian
#apt-get install etherwake
Reading package lists… Done
Building dependency tree… Done
The following NEW packages will be installed
etherwake
0 upgraded, 1 newly installed, 0 to remove and 12 not upgraded.
Need to get 8620B of archives.
After unpacking 73.7kB of additional disk space will be used.
Get: 1 http://mirror.ox.ac.uk stable/main etherwake 1.08-1 [8620B]
Fetched 8620B in 0s (59.4kB/s)
Selecting previously deselected package etherwake.
(Reading database … 41724 files and directories currently installed.)
Unpacking etherwake (from …/etherwake_1.08-1_i386.deb) …
Setting up etherwake (1.08-1) …
this will complete the installation.If you want to use etherwake you need to specify the following command
#etherwake
Example :- etherwake 00:11:22:33:44:55
If you want to know more option on etherwake and how to use check etherwake man page
ethstats - script that quickly measures network device throughput
ethstats works by parsing the /proc/net/dev file that the Linux kernel maintains, and thus utilizes a negligible amount of CPU time. ethstats shows the throughput of each device in both megabits per second and packets per second.
Install ethstats in debian
#apt-get install ethstats
this will complete the installation.If you want to use ethstats run the following command
#ethstats
Output looks like below
total: 0.01 Mb/s In 0.00 Mb/s Out - 7.0 p/s In 5.0 p/s Out
eth0: 0.01 Mb/s In 0.00 Mb/s Out - 7.0 p/s In 5.0 p/s Out
eth1: 0.00 Mb/s In 0.00 Mb/s Out - 0.0 p/s In 0.0 p/s Out
If you want to know more option on ethstats and how to use check ethstats man page
ethstatus - Console-based ethernet statistics monitor
Ethstatus is a console-based monitoring utility for displaying statistical data of the ethernet interface on a quantity basis. It is similar to iptraf but is meant to run as a permanent console task to monitor the network load.
Install ethstatus in debian
#apt-get install ethstatus
this will complete the installation.If you want to use ethstatus you need to specify the following command
#ethstatus
output looks like below
If you want to know more option on ethstatus and how to use check ethstatus man page
ettercap - Multipurpose sniffer/interceptor/logger for switched LAN
Ettercap supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.
Data injection in an established connection and filtering (substitute or drop a packet) on the fly is also possible, keeping the connection synchronized.
Many sniffing modes were implemented to give you a powerful and complete sniffing suite. It’s possible to sniff in four modes: IP Based, MAC Based, ARP Based (full-duplex) and PublicARP Based (half-duplex).
It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
Install ettercap in debian
#apt-get install ettercap
After installing this try to run the following command to select the user interface to use this program
#ettercap
ftm - Frogfoot Networks Traffic Monitoring Utility
This is `ftm’, a console utility used for monitoring networks using netfilter packet counters.
Install ftm in debian
#apt-get install ftm
Usage
#ftm
check man page of ftm for more options and how to use
ftpgrab - file mirroring utility
ftpgrab is a utility for maintaining FTP mirrors. In fact not unlike the “Mirror” perl program. However ftpgrab is oriented towards the smaller site which doesn’t have the resources to mirror entire version trees of software.
The primary “plus point” of ftpgrab is that it can base download decisions by parsing version numbers out of filenames. For example, ftpgrab will recognize that the file “linux-2.2.2.tar.gz” is newer than “linux-2.2.1.tar.gz” based on the version string. It will then download the new version and delete the old one when it is done, thus saving you mirroring 10 kernel versions all at >10Mb each.
Install ftpgrab in debian
#apt-get install ftpgrab
check man page of ftpgrab for more options and how to use
hunt - Advanced packet sniffer and connection intrusion
Hunt is a program for intruding into a connection, watching it and resetting it.
Note that as hunt is operating on Ethernet, it is best used for connections which can be watched through it. However, it is possible to do something even for hosts on another segments or hosts that are on switched ports
Install hunt in debian
#apt-get install hunt
After installing if you want to run the program just use the following command
#hunt
this will display the following screen
/*
* hunt 1.5
* multipurpose connection intruder / sniffer for Linux
* (c) 1998-2000 by kra
*/
starting hunt
— Main Menu — rcvpkt 1, free/alloc 63/64 ——
l/w/r) list/watch/reset connections
u) host up tests
a) arp/simple hijack (avoids ack storm if arp used)
s) simple hijack
d) daemons rst/arp/sniff/mac
o) options
x) exit
->
select any option from this to run this program
If you want more options and how to use check hunt man page
httping - ping-like program for http-requests
httping show you how long it takes to connect to a hostname or remote url; send a request and retrieve the reply (only the headers).
Install httping in debian
#apt-get install httping
This will completes your installation.If you want to run this program type the following command
#httping -g http://www.debian.org
Output looks like below
PING www.debia.org:80 http://www.debia.org):
connected to www.debia.org:80, seq=0 time=424.96 ms
connected to www.debia.org:80, seq=1 time=194.49 ms
connected to www.debia.org:80, seq=2 time=195.99 ms
connected to www.debia.org:80, seq=3 time=197.45 ms
connected to www.debia.org:80, seq=4 time=195.37 ms
connected to www.debia.org:80, seq=5 time=194.86 ms
http://www.debia.org ping statistics —
6 connects, 6 ok, 0.00% failed
round-trip min/avg/max = 194.5/233.9/425.0 ms
If you want more options and how to use check httping man page
idswakeup - A tool for testing network intrusion detection systems.
idswakeup is a Bourne shell script invoking hping2 (required) and iwu (part of this package) to generate false alarms in order to check if a network intrusion detection system works all right.
idswakeup requires no configuration and includes many common attack simulations.
Install idswakeup in debian
#apt-get install idswakeup
If you want to use this program follow this syntax
Usage : /usr/sbin/idswakeup [nb] [ttl]
If you want more options and how to use check idswakeup man page
ifmetric - Set routing metrics for a network interface
ifmetric is a Linux tool for setting the metrics of all IPv4 routes attached to a given network interface at once. This may be used to change the priority of routing IPv4 traffic over the interface. Lower metrics correlate with higher priorities
Install ifmetric in debian
#apt-get install ifmetric
If you want to use this program follow this syntax
Usage: ifmetric [metric]
If you want more options and how to use check ifmetric man page
ifplugd - A configuration daemon for ethernet devices
ifplugd is a daemon which will automatically configure your ethernet device when a cable is plugged in and automatically unconfigure it if the cable is pulled. This is useful on laptops with onboard network adapters, since it will only configure the interface when a cable is really connected.
Some features:
* May beep when the cable is unplugged, plugged, the interface configuration succeeded or failed.
* Syslog support
* small
* Multiple ethernet interface support
* Support for wireless networking. Whenever an association to an AP is detected the network is configured. Have a look on waproamd if you need a facility to configure WEP keys before AP associations succeed.
* Compatibility mode for network devices which do not support cable detection
Install ifplugd in debian
#apt-get install ifplugd
If you want to use this program follow this syntax
#ifplugd [options]
If you want more options and how to use check ifplugd man page
ifrename - Rename network interfaces based on various static criteria
Ifrename allow the user to decide what name a network interface will have. Ifrename can use a variety of selectors to specify how interface names match the network interfaces on the system, the most common selector is the interface MAC address.
Install ifrename in debian
#apt-get install ifrename
If you want to use this program follow this syntax
#ifrename [-c configfile] [-i interface] [-n newname]
If you want more options and how to use check ifrename man page
ifscheme - scheme control for network interfaces
ifscheme allows you to change network configuraton schemes or query the current scheme. It integrates with the ifup(8) command and interfaces(5). For example, you might use this program to configure a “home” scheme and a “work” scheme for a network device on a laptop. When you move between home and work, a simple command can reconfigure your networking
Install ifscheme in debian
#apt-get install ifscheme
If you want to use this program follow this syntax
#ifscheme [-v] [[-s] newscheme]
If you want more options and how to use check ifscheme man page
ifstat - InterFace STATistics Monitoring
ifstat is a tool to report network interfaces bandwith just like vmstat/iostat do for other system counters. It can monitor local interfaces by polling the kernel counters, or remote hosts interfaces using SNMP.
Install ifstat in debian
#apt-get install ifstat
If you want to use this program follow this syntax
#ifstat
Output looks like below
eth0
KB/s in KB/s out
0.20 0.22
0.20 0.20
0.20 0.20
0.20 0.20
If you want more options and how to use check ifstat man page
iftop - Display bandwidth usage on an interface
iftop does for network usage what top(1) does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question “why is our ADSL link so slow?”.
Install iftop in debian
#apt-get install iftop
If you want to use this program follow this syntax
#iftop -h | [-nNpbBP] [-i interface] [-f filter code] [-F net/mask] or #iftop
If you want more options and how to use check iftop man page
iog - Network I/O byte grapher
IOG is a network I/O byte grapher made to graph cumulative KB/MB/GB totals for hours/days and months. It is intended to be simple, fast (support thousands of hosts) and integrate well with MRTG. Data for each host is updated hourly and HTML graphs are created. It uses a data consolidation algorithm which allows for a small, non-growing database file for each host. No external graphing libs or executables are required.
Install iog in debian
#apt-get install iog
for more information check here http://www.dynw.com/iog/
ipband - daemon for subnet bandwidth monitoring with reporting via email
This is a daemon which can monitor as many different subnets (or individual hosts, by specifying a “subnet” of /32) as you’d like. The reporting facility will only be triggered when a defined bandwidth level had been exceeded for a defined time.
Information reported includes the connections which are taking up the most bandwidth (ip address and port pairs). Reporting is done via email.
Install ipband in debian
#apt-get install ipband
If you want to use this program here is one example
Example:
#ipband eth0 -f “net 10.10.0.0/16″ -m 24 -a 300 -r 900
Will capture packets from/to ip addresses matching 10.10.0.0/255.255.0.0, tally traffic by the third octet,
calculate bandwidth utilization every 5 minutes and report per host traffic every 15 minutes.
If you want more options and how to use check ipband man page
iperf - Internet Protocol bandwidth measuring tool
Iperf is a modern alternative for measuring TCP and UDP bandwidth performance, allowing the tuning of various parameters and characteristics.
Features:
* Measure bandwidth, packet loss, delay jitter
* Report MSS/MTU size and observed read sizes.
* Support for TCP window size via socket buffers.
* Multi-threaded. Client and server can have multiple simultaneous
connections.
* Client can create UDP streams of specified bandwidth.
* Multicast and IPv6 capable.
* Options can be specified with K (kilo-) and M (mega-) suffices.
* Can run for specified time, rather than a set amount of data to transfer.
* Picks the best units for the size of data being reported.
* Server handles multiple connections.
* Print periodic, intermediate bandwidth, jitter, and loss reports at
specified intervals.
* Server can be run as a daemon.
* Use representative streams to test out how link layer compression affects
your achievable bandwidth.
Install iperf in debian
#apt-get install iperf
If you want to use this program follow this syntax
Usage: iperf [-s|-c host] [options]
Ipgrab is a network debugging utility not unlike tcpdump except that it prints out detailed header field information for data link, network and transport layers.
Install ipgrab in debian
#apt-get install ipgrab
This will complete the installation.If you want to run ipgrab run the following command
#ipgrab
Output looks like below
————————————————————————–
IP Header
————————————————————————–
Version: 4
Header length: 5 (20 bytes)
TOS: 0×00
Total length: 40
Identification: 61408
Fragmentation offset: 0
Unused bit: 0
Don’t fragment bit: 1
More fragments bit: 0
Time to live: 125
Protocol: 6 (TCP)
Header checksum: 39480
Source address: 17.2.22.2
Destination address: 17.9.5.13
————————————————————————–
TCP Header
————————————————————————–
Source port: 2319 (unknown)
Destination port: 22 (SSH)
Sequence number: 4203153703
Acknowledgement number: 3693124827
Header length: 5 (20 bytes)
Unused: 0
Flags: A
Window size: 64807
Checksum: 47397
Urgent: 0
**************************************************************************
Ethernet (1153393310.927926)
————————————————————————–
Hardware source: 00:60:83:7c:da:49
Hardware destination: 00:11:43:33:b3:ef
Type / Length: 0×800 (IP)
Media length: 60
————————————————————————–
If you want more options and how to use ipgrab check ipgrab man page
knocker - a simple and easy to use TCP security port scanner
Knocker is a new, simple, and easy to use TCP security port scanner written in C, using threads. It is able to analyze hosts and the network services which are running on them.
The URL for this project is http://knocker.sourceforge.net/
Install knocker in debian
#apt-get install knocker
This will complete the installation now you need to run this program with the following command
#knocker -H 192.168.0.1 -SP 1 -EP 1024
Output looks like below
+—————————————————————————–+
|–=| k n o c k e r — t h e — n e t — p o r t s c a n n e r |=-=[ 0.7.1 ]=-|
+—————————————————————————–+
- started by user root on Fri Jul 21 10:16:00 2006
- hostname to scan: 192.168.0.1
- resolved host ip: 192.168.0.1
- - scan from port: 1
- - - scan to port: 1024
- - - - scan type: tcp connect
+=- - - - - - - - - - - - - - - - - - - - - - - - - - - - - s c a n n i n g -
-=[ 21/tcp, ftp ]=- * OPEN *
-=[ 22/tcp, ssh ]=- * OPEN *
-=[ 80/tcp, www ]=- * OPEN *
-=[ 111/tcp, sunrpc ]=- * OPEN *
-=[ 113/tcp, auth ]=- * OPEN *
-=[ 199/tcp, smux ]=- * OPEN *
-=[ 607/tcp, nqs ]=- * OPEN *
+=- - - - - - - - - - - - - - - - - - - - - - - - - - - - c o m p l e t e d -
- scanned host name: 192.168.0.1 IP: 192.168.0.1
- found 7 open ports in a total of 1024 ports scanned.
- port scan completed in 0.10 seconds.
knockd - small port-knock daemon
A port-knock server that listens to all traffic on a given network interface (only Ethernet and PPP are currently supported), looking for a special “knock” sequences of port-hits. A remote system makes these port-hits by sending a TCP (or UDP) packet to a port on the server. When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file. This can be used to open up holes in a firewall for quick access.
sumber dari debianhelp

No comments:

Post a Comment

Terima kasih atas komentarnya