Networking Monitoring Tools

Packet Capturing

Gulp

Gulp purports to be better at capturing packets than tcpdump (although they can work together).

There is more than one version out there:

- This one says it applied a patch to it five years ago.
- This one says it is the original but hasn't been updated in six years.
- This blog post has updated versions of it, including one from 2017 that says it has a major bug fix (but I don't know whether it's a gulp bug or not).

tcpdump

More easily obtainable, with better documentation available (although still not enough).

ssldump

Captures packets and decodes SSL/TLS packets.

Packet Examining

Compressed PCAP Packet Indexing Program (cppip)

This adds indexing to bgzip-compressed libpcap files, which then lets you extract packets from them while the original files are still compressed.

tcpslice

This lets you extract part of, or combine, files created by tcpdump when using file rotation.

ngrep

Describes itself as like GNU grep but for packets.

pylibpcap, pypcap

Python code to work with libpcap.

WireShark

The following are installed when you install Wireshark.

tshark/wireshark

Packet capturing and examining (better documented than most of the other programs).

reordercap

Reorders the packets by timestamp.

capinfos

This prints summary information about packet files (works with gzipped files).

mergecap

Merges multiple packet files together. mergecap will try to keep timestamps in order when merging, but it assumes each individual input file is already in order.

Packet Flows

tcpick

Tracks, reassembles, and reorders TCP streams.

tcptrace

Gives connection information taken from a capture file.

tcpflow

Separates out TCP flows into separate files.

Capture Summarizing

ipsumdump

Summarizes packet information in ASCII format.

tcpdstat

Gives summary statistics for a pcap file.

Network Monitoring

ntop

Like top but for the network.

Miscellaneous

netcat

Reads from and writes to TCP/UDP network connections.

socat

Routes data between byte streams.