Sources for Tools (Network Troubleshooting Tools)

A.4. Sources for Tools

This section gives basic information on each tool discussed in this book. I have not included built-in tools like ps. The tools are listed alphabetically. I have tried to make a note of which tools are specific to Windows, but I did not list Windows tools separately, since many tools are available for both Unix and Windows.

A few tools discussed in the book, particularly older tools, seem to have no real home but may be available in some archives. This is generally an indication that the tool is fading into oblivion and should be used as a last alternative. (Some of these tools, however, are alive and well as Linux packages or FreeBSD ports.) While I was writing this book, a number of home pages for tools changed. Also, several of the sites seem to be down more than they are up. I have supplied the most recent information I have, but many of the tools will have moved.

TIP: These URLs are nothing more than starting points. If you can't find the tool at the URL given here, consider doing an Internet search. In fact, I really recommend doing your own search over using this list. I find that I have the most luck with searches if I do a compound search with the tool's name and the author's last name.

WARNING: That one version of a tool is safe, stable, and useful doesn't mean the next version won't have severe problems. New programs are introduced on an almost daily basis. So keep your eyes open.

Analyzer -- Piero Viano: This is a protocol analyzer for Windows. (Directions are available only in Italian.) http://netgroup-serv.polito.it/analyzer/
argus -- Carter Bullard: This is a generic IP network transaction auditing tool. ftp://ftp.sei.cmu.edu/pub/argus-1.5
arping -- marvin@nss.nu: This ping-like program uses ARP requests to check reachability. http://synscan.nss.nu/programs.php
arpwatch -- Lawrence Berkeley National Laboratory: This tool watches for new or changed MAC addresses. ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
AWACS -- Georg Greve: This is log management software currently under development. http://www.gnu.org/software/awacs/awacs.html
bb -- BB4 Technologies, Inc.: This is web-based monitoring software. http://www.bb4.com/
bind -- University of California at Berkeley and the Internet Software Consortium: This is the Berkeley Internet Name Daemon, i.e., domain name server software. It includes a number of testing tools. http://www.isc.org/products/BIND/
bing -- Pierre Beyssac: This tool measures point-to-point bandwidth. http://www.freenix.fr/freenix/logiciels/bing.html
bluebird -- Shane O'Donnell et al.: This is a general network management applications framework. http://www.opennms.org/
bprobe and cprobe: These tools measure the bandwidth at the slowest link on a path. ftp://cs-www.bu.edu/carter/probes.tar.Z
cheops -- Mark Spencer: This is a Linux-based network management platform. http://www.marko.net/cheops/
Chesapeake port scanner -- Mentor Technologies: This is a simple port scanner for Windows. http://www.mentortech.com/learn/tools/pscan.shtml
clink -- Allen Downey: This is another pathchar variant, a tool for measuring the bandwidth of links on a path. http://www.cs.colby.edu/~downey/clink/
CMU SNMP -- Carnegie Mellon University: This set of SNMP tools has largely been superseded by NET SNMP. They are still commonly available for Linux. http://www.gaertner.de/snmp/
cpm -- CERT at Carnegie Mellon University: This tool checks to see if any interfaces are in promiscuous mode. ftp://info.cert.org/pub/tools/cpm.tar.Z
cricket -- Jeff Allen: This tool queries devices, collecting information over time, typically router traffic, and graphs the collected information. http://cricket.sourceforge.net/
cyberkit -- Luc Neijens: This multipurpose Windows-based tool includes ping, traceroute, scanning, and SNMP. It is postcardware. http://www.cyberkit.net
dig: Part of the bind distribution. This tool retrieves domain name information from a server.
dnsquery: Part of the bind distribution. This tool retrieves domain name information from a server.
dnsutl -- Peter Miller: This is a tool to simplify DNS configuration. http://www.pcug.org.au/~millerp/dnsutl/dnsutl.html
dnswalk -- David Barr: This tool retrieves and analyzes domain name information from a server. http://www.cis.ohio-state.edu/~barr/dnswalk/
doc -- Steve Hotz, Paul Mockapetris, and Brad Knowles: This tool retrieves and analyzes domain name information from a server.
dsniff -- Dug Song: This is a set of utilities that can be used to test or breach the security on your system. http://naughty.monkey.org/~dugsong/dsniff/
echoping -- Stéphane Bortzmeyer: This is an alternative to ping that uses protocols other than ICMP. ftp://ftp.internatif.org/pub/unix/echoping/
egressor -- Mitre: This tool set verifies that your router will not forward packets with spoofed addresses. http://www.packetfactory.net/Projects/Egressor/
ethereal -- Gerald Combs et al.: This is a protocol analyzer that runs under X Window and Windows. It requires GTK+, which in turn requires GLIB. http://www.ethereal.com
fping -- Roland J. Schemers: This is a ping variant that can check multiple systems in parallel. http://www.fping.com
fressh -- FreSSH Organization: This is another alternative to ssh. http://www.fressh.org/
getif -- Philippe Simonet: This is a multipurpose Windows tool that uses SNMP. http://www.wtcs.org/snmp4tpc/testing.htm
gimp: This is an image manipulation program. It is also available for Windows. http://www.gimp.org/
GTK+ -- Peter Mattis, Spencer Kimball, and Josh MacDonald: This is a GUI development toolkit. Its libraries may be needed by other tools. http://www.gtk.org/
gtkportscan -- Rafael Barrero: This is a port scanner that is written in GTK+. The last reported site was http://armageddon.splorg.org/gtkportscan/.
GxSNMP: This is a network management applications framework. http://www.gxsnmp.org/
h2n: This Perl tool translates a host table to name server file format. ftp://ftp.uu.net/published/oreilly/nutshell/dnsbind/dns.tar.Z
host: Part of the bind distribution. This tool retrieves domain name information from a server.
hping: Salvatore Sanfilippo. This tool sends custom packets and displays responses. http://www.kyuzz.org/antirez/software.html
iperf -- Mark Gates and Alex Warshavsky: This is a tool for measuring TCP and UDP bandwidth. http://dast.nlanr.net/Projects/Iperf/
ipfilter -- Darren Reed: This is a set of programs to filter TCP/IP packets. It includes ipsend, a tool to send custom packets. http://coombs.anu.edu.au/~avalon/ip-filter.html
ipload -- BTT Software: This is a load generator for Windows. http://www.bttsoftware.co.uk/ipload.html
ipsend -- Darren Reed: This tool is part of the ipfilter package. http://coombs.anu.edu.au/~avalon/ip-filter.html
lamers -- Bryan Beecher: This tool checks for lame delegations in a DNS database. Its current official location is unknown. The last reported official site: ftp://terminator.cc.umich.edu/dns/lame-delegations. I found links to copies at http://www.dns.net/dnsrd/tools.html.
logcheck -- Craig Rowland: This log management tool is suitable for use with syslog files. http://www.psionic.com/abacus/logcheck/
lsof -- Victor Abell: This tool lists open files on a Unix system. ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
MGEN -- Brian Adamson and Naval Research Laboratory: This tool set generates and receives traffic. It is used primarily for load testing. http://manimac.itd.nrl.navy.mil/MGEN/
mon -- Jim Trocki: This is a general purpose resource-monitoring system for host and service availability. http://www.kernel.org/software/mon/
mrtg -- Tobias Oetiker and Dave Rand: This tool queries devices, collects information over time (typically router traffic) and graphs collected information. http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/
mssh -- Metro State College of Denver: This is a version of ssh for Windows. http://cs.mscd.edu/MSSH/index.html
msyslog -- Core SDI: This is modular syslog, a replacement for secure syslog. http://www.core-sdi.com/english/freesoft.html
nam -- Steven McCanne and VINT: This is a Tcl/Tk-based network visualization and animation tool. http://www.isi.edu/nsnam/nam/
nemesis -- obecian@celerity.bartoli.org: This tool generates a wide variety of custom IP packets. http://www.packetninja.net/nemesis/
nessus -- Jordan Hrycij and Renaud Deraison: This is a security scanning and auditing tool. http://www.nessus.org/
NET SNMP -- Wes Hardaker: This is an updated version of CMU SNMP. It is postcardware. http://net-snmp.sourceforge.net/
netcat -- hobbit@avian.org: This simple utility reads and writes data across network connections. It is available for both Unix and Windows. http://www.l0pht.com/~weld/netcat/
netmon: Supplied with Microsoft NT Server. This is network-monitoring software. A basic, stripped-down version of the netmon.exe program is supplied with Microsoft NT Server. The full version is part of Microsoft's System Management Server.
netperf -- Hewlett-Packard: This is network benchmarking and performance measurement software. http://www.netperf.org/netperf/NetperfPage.html
nfswatch -- Dave Curry and Jeff Mogul: This is a tool for watching NFS traffic. The last known site was ftp://ftp.cerias/purdue.edu/pub/tools/unix/netutils/nfswatch/.
nhfsstone -- Legato Systems: This is a tool for benchmarking NFS traffic. Current availability is unknown, but it was originally from http://www.legato.com.
NIST Net -- National Institute of Standards and Technology: This is a network emulation package that runs on Linux. http://is2.antd.nist.gov/itg/nistnet/
nmap -- fyodor@dhp.com: This is a general scanning and probing tool with lots of functionality including OS fingerprinting. http://www.insecure.org/nmap
nocol -- Netplex Technologies, Inc.: This is system- and network-monitoring software. http://www.netplex-tech.com/software/nocol/
ns -- Steven McCanne, Sally Floyd, and VINT: This is a network simulator for protocol performance and scaling. http://www.isi.edu/nsnam/ns/
nslookup: Part of the bind distribution. This tool retrieves domain name information from a server.
ntop -- Luca Deri: This is a versatile tool for monitoring network usage. http://www.ntop.org/ntop.html
ntpd -- David Mills: This is a collection of tools to set and coordinate system clocks using NTP. http://www.eecis.udel.edu/~ntp/
openssh: This is another version of ssh. http://www.openssh.com/
p0f -- Michal Zalewski: This is a passive stack fingerprinting system. http://lcamtuf.hack.pl/p0f-1.7.tgz
pathchar -- Van Jacobson: This program measures the bandwidth of the links along a network path. ftp://ftp.ee.lbl.gov/ or http://ee.lbl.gov/
pchar -- Bruce Mah: This tool is a reimplementation of pathchar. http://www.employees.org/~bmah/Software/pchar/
portscan -- Tennessee Carmel-Veilleux: This is a simple port scanner. http://www.ameth.org/~veilleux/portscan.html
putty -- Simon Tatham: This is a Windows implementation of ssh. http://www.chiark.greenend.org.uk/~sgtatham/putty/
Qcheck -- Ganymede: This is a Windows network benchmarking tool. http://www.qcheck.net
queso -- savage@apostols.org: This is an OS fingerprinting tool. http://savage.apostols.org/projects.html
ripquery: Part of the gated distribution. This tool retrieves the routing table from a system running RIP. http://www.gated.org/
rrd -- Tobias Oetiker: This is a round-robin database system useful for collecting and archiving data over time. http://ee-staff.ethz.ch/~oetiker/webtools/rrdtool/
rtquery: Part of the routed distribution. This is a tool for retrieving the routing table from a system running RIP.
samspade -- Steve Atkins: This is a multipurpose Windows tool with a wide range of features. http://samspade.org/ssw/
Sanitize -- Vern Paxson: This is a set of Bourne scripts that use the standard Unix utilities sed and awk. It is used to clean up tcpdump traces to ensure privacy. http://ita.ee.lbl.gov/html/contrib/sanitize.html
scion -- Merit Networks, Inc.: This is network statistics collection and reporting software (also called NetSCARF.) It is also available for Windows. http://www.merit.edu/internet/net-research/netscarf/
scotty -- Jürgen Schönwälder: This provides network management extension to the Tcl/Tk language. http://wwwhome.cs.utwente.nl/~schoenw/scotty/
SFS -- SPEC: This is a commercial (but nonprofit) NFS benchmark. http://www.spec.org
siphon -- Subterrain Security Group: This is a passive OS fingerprinter. The last known site was http://www.subterrain.net/projects/siphon/.
sl4nt -- Franz Krainer: This is a Windows replacement for syslogd. http://www.netal.com/SL4NT03.htm
SNMP for Perl 5 -- Simon Leinen: This is a package of Perl 5 modules providing SNMP support. http://www.switch.ch/misc/leinen/snmp/perl/
sock -- W. Richard Stevens: This is a tool for generating traffic. It is a companion tool for Steven's book, TCP/IP Illustrated, vol. 1, The Protocols. ftp://ftp.uu.net/published/books/stevens.tcpipiv1.tar.Z
socket -- Juergen Nickelsen: This program creates a TCP socket connected to stdin and stdout. http://home.snafu.de/jn/socket/
spidermap -- H. D. Moore: This is a set of Perl scripts for network scanning. http://www.secureaustin.com
spray: This tool sends a burst of packets for load testing typically included with many systems.
ssh -- Tatu Ylönen: This is a secure replacement for r-services. http://www.ssh.com/
ssyslog -- Core SDI: This is a secure replacement for syslog. It has been replaced by modular syslog. http://www.core-sdi.com/english/freesoft.html
strobe -- Julian Assange: This program locates all listening TCP ports on a remote machine. The last known official site was ftp://suburbia.net/pub/strobe.tgz.
swatch -- Todd Atkins: This log management tool is suitable for use with syslog files. http://www.stanford.edu/~atkins/swatch/
syslog-ng -- BalaBit IT Ltd.: This is an enhanced syslog that features filtering and sorting logs to different destinations. http://www.balabit.hu/en/products/syslog-ng/
Tcl/Tk -- John Ousterhout: This is a general scripting language that has been extended to support many network management tasks. http://dev.scriptics.com
tcpdpriv -- Greg Minshall: This program sanitizes tcpdump trace files. http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html
tcpdump -- Van Jacobson, Craig Leres, and Steven McCanne: This is command-line-based packet capture program. http://ee.lbl.gov/, http://www.tcpdump.org, or ftp://ftp.ee.lbl.gov/tcpdump.tar.Z
tcpflow -- Jeremy Elson: This is a capture program that separates traffic into individual flows. http://www.circlemud.org/~jelson/software/tcpflow
tcp-reduce -- Vern Paxson: The program tcp-reduce and its companion program tcp-summary are Bourne shell scripts used to selectively extract information from tcpdump trace files. http://ita.ee.lbl.gov/html/contrib/tcp-reduce.html
tcpshow -- Mike Ryan: This program reads and decodes tcpdump files. The official home for this is unknown, but it is available in several archives such as http://www.cerias.purdue.edu/coast/archive/.
tcpslice -- Vern Paxson: This tool is used to create subsets of tcpdump trace files. ftp://ftp.ee.lbl.gov/tcpslice.tar.Z or http://www.tcpdump.org/related.html
tcp-summary -- Vern Paxson: The program tcp-reduce and its companion program tcp-reduce are Bourne shell scripts used to selectively extract information from tcpdump trace files. http://ita.ee.lbl.gov/html/contrib/tcp-reduce.html
tcptrace -- Shawn Ostermann: This is a tcpdump trace analysis program. http://www.tcptrace.org
tcpwrappers -- Wietse Venema: This daemon sits between user and services to log and manage connections. ftp://ftp.porcupine.org/pub/security/index.html
teraterm -- T. Teranishi: This is a Windows telnet client that can be extended to support SSH. (See also TTSSH.) http://hp.vector.co.jp/authors/VA002416/teraterm.html
tjping -- Top Jimmy: This is a ping and traceroute program for Windows. http://www.topjimmy.net/tjs/
tkined -- Jürgen Schönwälder: This provides a network management program based on scotty and Tcl/Tk. http://wwwhome.cs.utwente.nl/~schoenw/scotty/
tmetric -- Michael Bacarella: This tool finds available bandwidth. http://netgraft.com/downloads/tmetric/
top -- William LeFebvre: This displays the most active processes on a system. http://www.groupsys.com/top/about.html
traceroute -- Van Jacobson: This reconstructs the route taken by packets over a network. It is probably supplied with your system. ftp://ftp.ee.lbl.gov/ or http://ee.lbl.gov/
trafshow -- Vladimir Vorobyev: This full screen traffic capture program gives a continuous update on network traffic. Its last reported site was http://www.rinetsoft.nsk.su/trafshow/index_en.html.
trayping -- Mike Gleason: This is a Windows tool that monitors connectivity using ping. http://www.ncftpd.com/winstuff/trayping/
treno -- Matt Mathis: This is a tool to measure the bulk transfer capacity. ftp://ftp.psc.edu/pub/net_tools/
tripwire -- Eugene Spafford and Gene Kim: This is a system integrity checker. http://www.tripwire.com or http://www.tripwire.org
ttcp -- Mike Muuss: This is a load testing program for TCP. ftp://ftp.arl.mil/pub/ttcp/ttcp.c
TTSSH: This is a set of SSH extensions for Windows telnet program, teraterm. http://www.zip.com.au/~roca/ttssh.html
vnc -- AT&T Laboratories, Cambridge: This tool displays X Window and Windows desktops on remote systems. http://www.uk.research.att.com/vnc/
WinDump and WinDump95 -- Loris Degioanni, Piero Viano, and Fulvio Risso: These are ports of tcpdump to Windows NT and Windows 95/98. http://netgroup-serv.polito.it/windump/
winping -- Rich Morgan: This is another ping utility for Windows. http://www.cheap-price.com/winping/
xinetd -- Panos Tsirigotis: This is a secure replacement for the inetd utility. http://www.synack.net/xinetd/
xlogmaster -- Georg Greve: This is Greve's older log management software. You may want to check on the status of AWACS before using it. http://www.gnu.org/software/xlogmaster/
xplot -- David Clark: A tool for graphing data in an X Window environment. There are several programs with this name, so be sure you have the right one. ftp://mercury.lcs.mit.edu/pub/shep/
xv -- John Bradley: This is a modestly priced shareware program for the interactive display of images from an X Window system. You should probably try gimp first. ftp://ftp.cis.upenn.edu/pub/xv


A.3. Licenses		B. Resources and References