Network Security Tools

1) TCPDUMP

  • Tcpdump is a command-line tool for capturing and analysing network data on your system. It is frequently used to debug network issues and as a security tool.
  • Tcpdump is a robust and adaptable tool with numerous settings and filters that may be used in a number of situations. Because it is a command line tool, it is perfect for running in remote servers or devices without a graphical user interface to gather data that can be evaluated afterwards. It may also be run in the background or as a scheduled job using technologies such as cron.


Installation

$ sudo apt-get install tcpdump       [On Debian, Ubuntu and Mint]
$ sudo yum install tcpdump           [On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux]
$ sudo emerge -a sys-apps/tcpdump    [On Gentoo Linux]
$ sudo pacman -S tcpdump             [On Arch Linux]
$ sudo zypper install tcpdump        [On OpenSUSE]

Uses

1. Capture Packets from a Specific Interface: Run without arguments, tcpdump captures from all interfaces and the output keeps scrolling until you interrupt it. With the -i switch it captures only from the interface you name.

  $ tcpdump -i eth0
  
2. Capture Only N Packets: By default tcpdump keeps capturing on the given interface until you interrupt it. With the -c option it stops after the specified number of packets.

  $ tcpdump -c 5 -i eth0
    
3. Print Captured Packets in ASCII: With the -A option, tcpdump prints the contents of each captured packet in ASCII (a character-encoding scheme), which makes plain-text protocol payloads readable.

  $ tcpdump -A -i eth0
      
4. Display Available Interfaces: To list the interfaces available on the system, run tcpdump with the -D option.

  $ tcpdump -D

5. Capture Packets from a Specific Port: To capture only the packets on a specific port, for example port 22, add the port filter as shown below.

  $ tcpdump -i eth0 port 22
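Captures are usually saved for later analysis with tcpdump -w file.pcap, and the saved file is in libpcap format. The following is an added example, not code from the original article: it parses that format directly in Python, building a small constructed capture in memory, walking the global header and packet records, decoding the Ethernet/IPv4/TCP headers, and reporting the hosts that sent many bare SYNs to port 22, the same traffic the port 22 filter above isolates. The sample addresses, packet counts and threshold are constructed; the function names are my own.

```python
import socket
import struct
from collections import Counter

# libpcap file-format constants (the format `tcpdump -w file.pcap` writes)
PCAP_MAGIC_USEC = 0xA1B2C3D4
PCAP_MAGIC_NSEC = 0xA1B23C4D
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def tcp_frame(src_ip, dst_ip, src_port, dst_port, flags):
    """Constructed Ethernet/IPv4/TCP frame with no payload (sample data only).
    IP and TCP checksums are left at zero; the parser below does not verify them."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 0x50, flags, 65535, 0, 0)
    return eth + ip + tcp


def pcap_file(frames):
    """Wrap frames in a little-endian pcap container: global header plus one record each."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_tcp(pcap_bytes):
    """Yield (src_ip, dst_ip, src_port, dst_port, tcp_flags) for each IPv4/TCP packet.
    Handles both byte orders and both magic variants; skips non-IPv4 and non-TCP frames."""
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", pcap_bytes[:4])[0] in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap_bytes):
        _sec, _frac, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue                      # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != IPPROTO_TCP or len(ip) < ihl + 14:
            continue                      # not TCP, or truncated by the snaplen
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        yield src, dst, sport, dport, ip[ihl + 13]


def syn_sources_for_port(pcap_bytes, port, threshold):
    """Sources that sent at least `threshold` bare SYNs (SYN set, ACK clear) to `port`.
    Many SYNs from one host to port 22 in a short capture is a connection burst
    worth checking against the SSH auth log."""
    syns = Counter(src for src, _dst, _sp, dport, flags in iter_tcp(pcap_bytes)
                   if dport == port and flags & TCP_SYN and not flags & TCP_ACK)
    return sorted(src for src, n in syns.items() if n >= threshold)


# Constructed sample capture: one host opens five SSH connections, another opens
# one SSH and one HTTP connection and receives one SYN-ACK back.
SAMPLE_PCAP = pcap_file(
    [tcp_frame("10.0.0.5", "10.0.0.10", 40000 + i, 22, TCP_SYN) for i in range(5)]
    + [tcp_frame("10.0.0.7", "10.0.0.10", 51000, 22, TCP_SYN),
       tcp_frame("10.0.0.7", "10.0.0.10", 51001, 80, TCP_SYN),
       tcp_frame("10.0.0.10", "10.0.0.7", 22, 51000, TCP_SYN | TCP_ACK)]
)

if __name__ == "__main__":
    print("TCP packets:", sum(1 for _ in iter_tcp(SAMPLE_PCAP)))
    print("hosts with >=3 SYNs to port 22:", syn_sources_for_port(SAMPLE_PCAP, 22, 3))
```

To run it against a real capture, replace SAMPLE_PCAP with the bytes of a file written by tcpdump -w; the parser only decodes Ethernet link-layer captures, so a capture taken on the "any" pseudo-interface (a different link type) is rejected rather than misread.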
                


2) NIKTO

Nikto is an open-source web server scanner written in Perl. It looks for vulnerabilities that could be exploited to compromise the server. It can also detect version-specific problems on more than 200 servers and check for out-of-date version details on 1200 servers. This article walks through installing and using it on Ubuntu Linux.


Installation

Ubuntu already has Perl installed, so all that is required is to download the tool, unpack it, and run the script with the appropriate options.

Following are the steps to install Nikto:

1. Launch terminal and type the following
wget https://github.com/sullo/nikto/archive/master.zip


2. Next, unpack it with an archive manager or with the unzip command, then change into the program directory and run the script:

unzip master.zip
cd nikto-master/program
perl nikto.pl


3. Running nikto.pl with no arguments checks whether the installation was successful. If it was, it prints: + ERROR: No host or URL specified

Uses

Nikto is an open source scanner that helps you find potential security threats in your websites and web applications. It fully automates vulnerability scanning and can find issues like service misconfigurations, insecure files and programs, and thousands of other security issues. Nikto can also be paired with other tools such as Metasploit.

Usage

Now that we have Nikto installed on our system, we can go ahead and start scanning with this tool.

To view all the options Nikto makes available, use:
> nikto -Help

To scan a single domain, use the -h flag (-h stands for host):
> nikto -h scanme.nmap.org

To scan a web server by IP address, pass the address directly with the -h flag:
> nikto -h 45.33.32.156

For domains that have HTTPS enabled, perform the scan with SSL:
> nikto -h https://nmap.org -ssl
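From the defender's side, the scanner described above is noisy: by default Nikto identifies itself with a User-Agent header containing "Nikto/", and its probes for files that do not exist produce a burst of 404 responses from a single address. The following is an added example, not code from the original article or from the Nikto project: it implements both detections over Apache/nginx combined-format access-log lines. The log lines, IP addresses and thresholds are constructed for illustration; the function names are my own.

```python
import re
from collections import defaultdict

# One line of an Apache/nginx "combined" access log
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def scan_activity(lines, min_requests=20, not_found_ratio=0.8):
    """Summarise per-IP activity and flag likely web-vulnerability scans.
    Two signals: the default Nikto User-Agent (it embeds 'Nikto/<version>'), and a
    burst of requests where most responses are 404 because the scanner asks for
    files that do not exist. Returns {ip: summary dict}."""
    per_ip = defaultdict(lambda: {"requests": 0, "not_found": 0, "nikto_ua": False})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                       # unparseable line, skip rather than crash
        s = per_ip[rec["ip"]]
        s["requests"] += 1
        if rec["status"] == "404":
            s["not_found"] += 1
        if "nikto" in rec["agent"].lower():
            s["nikto_ua"] = True
    for s in per_ip.values():
        ratio = s["not_found"] / s["requests"]
        s["flagged"] = s["nikto_ua"] or (
            s["requests"] >= min_requests and ratio >= not_found_ratio
        )
    return dict(per_ip)


def flagged_ips(lines, **kw):
    """Sorted list of source addresses that scan_activity() flagged."""
    return sorted(ip for ip, s in scan_activity(lines, **kw).items() if s["flagged"])


def _line(ip, path, status, agent, sec):
    """Build one constructed combined-format log line for the sample below."""
    return (f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" '
            f'{status} 209 "-" "{agent}"')


# Constructed sample log: a normal visitor, a scanner with the default Nikto
# User-Agent, and a scanner with a changed User-Agent that still trips the 404 rule.
BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
SAMPLE_LOG = (
    [_line("203.0.113.10", "/", 200, BROWSER, 1),
     _line("203.0.113.10", "/about", 200, BROWSER, 2)]
    + [_line("198.51.100.7", f"/cgi-bin/test{i}.cgi", 404,
             "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)", i)
       for i in range(3)]
    + [_line("198.51.100.9", f"/backup{i}.zip", 404, "curl/8.0", i % 60)
       for i in range(25)]
    + [_line("198.51.100.9", "/", 200, "curl/8.0", 59)]
)

if __name__ == "__main__":
    for ip, s in scan_activity(SAMPLE_LOG).items():
        print(ip, s)
    print("flagged:", flagged_ips(SAMPLE_LOG))
```

The User-Agent check only catches scanners that keep the default string, which is why the 404-ratio rule is there as well; tune min_requests and not_found_ratio to the site, since a site with many broken links will need a higher ratio to avoid flagging ordinary visitors.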


3) Aircrack-ng

The preferred tool for examining and breaking wireless networks is Aircrack-ng. It has a number of tools, all of which operate via a command line interface and are scriptable.


Installation

$ sudo apt-get install build-essential libssl-dev libnl-3-dev pkg-config libnl-genl-3-dev

Download and install the latest aircrack-ng (current version):

$ wget http://download.aircrack-ng.org/aircrack-ng-1.2-rc4.tar.gz  -O - | tar -xz

$ cd aircrack-ng-1.2-rc4

$ sudo make

$ sudo make install

Ensure that you have installed the latest version of aircrack-ng:

$ aircrack-ng --help

Usage

Run sudo airmon-ng to list the wireless devices attached to the computer.

Once installed, monitor mode can be enabled on the wireless interface by running the command below:

ubuntu@ubuntu:~$ sudo airmon-ng start wlan0 #<network interface name>

You can also disable the monitor mode by stopping the airmon-ng anytime by using the command below:

ubuntu@ubuntu:~$ sudo airmon-ng stop wlan0 #<network interface name>

Run sudo airodump-ng <network interface name>, which lists the nearby networks and the client devices connected to them.


Sonali Kothari, PhD Department of Computer Science Engineering and AI-Machine Learning, SIT Pune

Very well written in a concise manner and insightful!✨
