Tools
This is a place for scripts and tools related to Ethereal / Tethereal that users may like to share, and for links to related NetworkTroubleshooting tools.
You will find additional development-related tools on the Development page.
Internal
Some command line tools are shipped together with Ethereal. These tools are useful to work with capture files.
dumpcap a small program whose only purpose is to capture network traffic, while keeping advanced features such as capturing to multiple files (since Ethereal 0.99.0)
capinfos reads a saved capture file and reports any or all of several statistics about that file
editcap edits and/or translates the format of capture files
mergecap merges multiple capture files into one
text2pcap generates a capture file from an ASCII hexdump of packets
Scripts
osXextraction a Mac OS X bash script to extract particular packet types from a capture file (NOTE: it's not very OS X-specific - some small changes should allow it to work on other UN*Xes, and would probably allow it to work on Windows with Cygwin as well.)
RtpDumpScript a perl script to dump RTP audio data
RtpH263DumpScript a perl script to dump H.263 video data
tektronix2pcap a script to convert Tektronix rf5 files to pcap format that can be loaded into Ethereal. Note that current versions of Ethereal can directly read rf5 binary captures.
External Links
Tools related to NetworkTroubleshooting and the like.
Dedicated capture tools
dumpcap shipped with Ethereal, already mentioned in the "Internal" section above
snoop SunOS/Solaris capture tool
Monitoring/tracing tools
The following tools can process the libpcap-format files that Ethereal and Tethereal produce or can perform network traffic capture and analysis functions complementary to those performed by Ethereal and Tethereal. In brackets you will find the program license and the supported operating systems.
Etherape A graphical network monitor (GPL, Linux only)
Ntop Network top - tool that lets you analyze network traffic statistics (GPL, FreeBSD/Linux/Unix)
Snort Network intrusion detection system (GPL, BSD/Linux/Unix/Win32)
Prelude Another network intrusion detection system (GPL, BSD/Linux/Unix)
tcpflow Extracts data streams from TCP connections and writes each stream to a file (GPL, BSD/Linux/Unix)
tcptrace Tool for analysis of TCP connections (GPL, BSD/Linux/Unix)
online message parser Online single hex message parser, supports Wireless/PSTN/VoIP protocols (Freeware, Web)
tcpstat Tool for reporting statistics for TCP connections (BSD style, BSD/Linux/Unix)
Tele Traffic Tapper Graphical traffic-monitoring tool; can also read saved capture files (BSD style?, BSD/Linux)
Ettercap Allows sniffing of machines on a switched LAN (GPL, BSD/Linux/Solaris)
HUNT Allows sniffing of machines on a switched LAN and provides an easy-to-use API to modify intercepted frames before they are forwarded (GPL, Linux)
RRDtool is "a system to store and display time-series data (i.e. network bandwidth, machine-room temperature, server load average)". (GPL, various UN*Xes) Many RRDtool-based applications are listed on the RRD World page.
Show Traffic shows continuous summary list of TCP/UDP traffic (BSD, Win32)
TcpView maps TCP/UDP endpoints to running programs (Freeware, Win32)
p0f versatile passive OS fingerprinting and many other tricks (Freeware, BSD/Linux/Win32/...). Take a look here to see some stats generated with p0f and some scripts.
Traffic generators
These tools will either generate traffic and transmit it, retransmit traffic from a capture file, perhaps with changes, or permit you to edit traffic in a capture file and retransmit it.
tcpreplay the opposite of tcpdump: sends pcap files out of an interface (BSD, BSD/Linux/Unix)
packETH GUI Ethernet packet generator for Linux (GPL, Linux only)
Network Traffic Generator Client/Server based TCP/UDP traffic generator (GPL, BSD/Linux/Win32)
Bit-Twist includes bittwist, to retransmit traffic from a capture file, and bittwiste, to edit a capture file and write the result to another file (GPL, BSD/Linux/Solaris/Windows 2000 and XP)
Nemesis is a command-line network packet crafting and injection utility. Nemesis can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. (GPL, BSD/Linux/Solaris/Mac OSX/Win32)
Collections
Top 75 Security Tools from nmap users' votes
Packetfactory projects Various networking-related tools and libraries
A list of tools Web page of links to various networking tools
Network Security Toolkit Fedora-based bootable Linux CD with various networking tools
dsniff is a collection of tools for network auditing and penetration testing (BSD style?, BSD/Linux/Solaris/...)
USB capture
You cannot use Ethereal to capture raw USB traffic. If the device is an Ethernet (or other network) adapter attached via USB, Ethereal can capture e.g. the Ethernet traffic from that USB device if the platform supports it (which it usually does). On Win32 you can however try:
http://www.wingmanteam.com/usbsnoopy/ last updated in 2001 (no license, source incl., Win32)
http://sourceforge.net/projects/usbsnoop/ successor of usbsnoopy?, last updated in 2002 (GPL, Win32)
