    7 Replies Latest reply on May 18, 2010 4:03 PM by ericsully

    Free Network Monitoring Tools

    intechspecial Ranger

      Here are some free tools, that can prove vital in the protection and security of your computer.

      Any items that do not have a link listed, just do a google search.

      Even if you might not understand completely how to use any of the listed tools below, it is still a good idea to have them installed. Wireshark is a must have, because if there ever is an issue with your computer being hacked or other illegal problems, it keeps more than enough data for a forensic analysis which will assist authorities in the ability to catch, prosecute, and convict any criminal hacker, or other illegal access to or with your PC.


      The great thing about these tools is that they are free! This community loves free!

      Wireshark Network Protocol Analyzer

      • Troubleshooting network issues and locating bottlenecks
      • Network intrusion detection
      • Log network traffic for forensic analysis
      • Discovering a DoS (denial-of-service) attack
      Whether you're an IT Pro or a developer, you'll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.
        • Re: Free Network Monitoring Tools
          I love Wireshark, makes debugging networking apps a breeze, and allows you to track what traffic is flowing in and out of your computer to see if you are in fact under attack. There's also a plethora of free, useful things by AnalogX, check his stuff out:
            • Re: Free Network Monitoring Tools
              intechspecial Ranger

              Yes it does.

              You would not believe the amount of attacks I receive on a day to day basis.


              Mongoose, expect the same results as your business grows.


              The great thing about Wireshark is that it helps you to trace the specific source of the attack.


              You can then forward this information via a report at and include the Wireshark information you have found.


              The key to this is that you have to have an understanding of the OSI model, to build an extremely strong case before it will be considered viable. As well you need to be able to break that information down further with an understanding of binary, hexadecimal, etc etc.



              An attacker never uses his own computer to attack another computer. In other words he masks his computer via the use of other computers' IP addresses. If he finds an unsecure computer, he can take total control. A hacker that knows what he or she is doing will take control of potentially hundreds of computers to mount an attack. So Wireshark lists the MAC address and the IP address of the computer that attacked yours, but the computer that attacked yours was from an unsuspecting victim. The IP address is a static address and can easily be hidden from authorities. The MAC address is a Physical Address, and is attached to your NIC card. It has relevant information to the manufacturer of the card. Each NIC card sold by a manufacturer is well documented as to who they sold the particular NIC card to.

              So how can you catch the attacker then, if they are able to mask their IP address?

              Simple really. Wireshark keeps all relevant information about the person's computer that registered the attack. This computer was not the attacker's but the victim's. The attacker had to connect to the victim's computer how? Via a "Hacked Connection" (wireless, encrypted connection, specific port, etc.) This hacked connection possibly went through an ISP's server. Guess what that server does? Guess what the CISCO router does with the different connections? They monitor and log ALL OF THEM.

              So to make a long story short, and to try and simplify some of my tech words, it is not as difficult for the government to catch a hacker as you would think. The problem is that there are thousands upon thousands upon tens of thousands of hackers being born every day. One of the fastest growing occupations with the federal government is IT professionals that are certified and/or have relevant experience in Network Security.

              One of the things a hacker looks for is an "unsecure" computer. A software firewall is probably not enough in most cases. Any potential hacker will stay away from a PC that has Wireshark installed, as they understand the forensic analysis that can be applied. If they do not stay away, they must become more "creative" in how they attack your PC, potentially trying to hack Wireshark itself. The risk is much, much greater at this point, and most hackers are not stupid enough or have enough knowledge to continue to mess with a PC that can capture and analyze every tiny packet that comes and goes on a PC.

              So for the people out there that have no idea what a Wireshark program is or does, it is still a good install. In case of problems, a forensic analysis can be done.
                • Re: Free Network Monitoring Tools
                  Right you are, intech, though there are methods to mask any sort of attack. A skilled network engineer can spot these little tricks, but some things can be very perplexing. For example, I've seen nothing but ICMP requests coming off of a compromised computer that pointed to a strobe effect across their DNS's entire subdomain structure (from x.x.1.1 - x.x.255.255) for some unknown reason. No data was coming back except for ACKs, and nothing seemed to really apply this data (unless whatever was compromising the machine was just set forth to learn the structure of a network.)

                  The most common attacks seem to be just TCP floods, though, which can be spotted immediately by the sheer amount of traffic you would see under a packet sniffer such as Wireshark. I mainly use it, as I said, to debug networking apps and see how my data is being handled and how it looks while being transmitted, and what comes back. Beats adding multiple lines to your code just to spit out TCP_ACK codes for reliables :P
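An added example, not from anyone in this thread, of turning the "sheer amount of traffic" observation into a check: it reads a Wireshark CSV export and flags sources that send many bare SYNs in one window without completing handshakes. The packet rows, the addresses (documentation ranges) and the threshold are constructed for the example.

```python
import csv
import io
from collections import defaultdict

# Column layout mirrors Wireshark's "File > Export Packet Dissections > As CSV"
# (No., Time, Source, Destination, Protocol, Length, Info). Every row below is
# constructed for this example; the addresses are documentation ranges, not real hosts.
HEADER = '"No.","Time","Source","Destination","Protocol","Length","Info"\n'
NORMAL_ROWS = [
    '"1","0.000000","192.0.2.10","192.0.2.1","TCP","74","51000 > 80 [SYN] Seq=0 Win=64240 Len=0"',
    '"2","0.000120","192.0.2.1","192.0.2.10","TCP","74","80 > 51000 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0"',
    '"3","0.000200","192.0.2.10","192.0.2.1","TCP","66","51000 > 80 [ACK] Seq=1 Ack=1 Win=64240 Len=0"',
]
# A burst of bare SYNs from one source, each from a new port, none completing the handshake.
FLOOD_ROWS = [
    f'"{n + 4}","{0.01 * n:.6f}","203.0.113.5","192.0.2.1","TCP","60","{40000 + n} > 80 [SYN] Seq=0 Win=512 Len=0"'
    for n in range(60)
]
SAMPLE_CSV = HEADER + "\n".join(NORMAL_ROWS + FLOOD_ROWS) + "\n"


def tcp_flags(info):
    """Return the set of TCP flags named in a Wireshark Info column, e.g. {'SYN', 'ACK'}."""
    start, end = info.find("["), info.find("]")
    if start < 0 or end < 0:
        return set()
    return {f.strip() for f in info[start + 1:end].split(",")}


def syn_flood_sources(csv_text, window=1.0, threshold=20):
    """Flag sources sending >= threshold bare SYNs inside any window (seconds).
    Returns {source: (peak_syns_in_one_window, handshakes_completed)}; a high peak
    with few completed handshakes is the half-open pattern a SYN flood leaves."""
    syns = defaultdict(lambda: defaultdict(int))   # source -> window bucket -> bare SYN count
    completed = defaultdict(int)                   # source -> third-step ACKs seen
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Protocol"] != "TCP":
            continue
        flags = tcp_flags(row["Info"])
        src = row["Source"]
        if flags == {"SYN"}:
            syns[src][int(float(row["Time"]) // window)] += 1
        elif flags == {"ACK"} and " Seq=1 " in row["Info"] and " Ack=1 " in row["Info"]:
            completed[src] += 1
    flagged = {}
    for src, buckets in syns.items():
        peak = max(buckets.values())
        if peak >= threshold:
            flagged[src] = (peak, completed[src])
    return flagged
```

Tune the threshold to the link's normal connection rate; a busy web server legitimately sees many SYNs per second, but those are followed by completing ACKs.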
                    • Re: Free Network Monitoring Tools
                      intechspecial Ranger
                      Yes an extremely good hacker is very difficult to catch.

                      One of the biggest threats to our nation is the threat of an attack on our nation's e-commerce. Countries like China are finding ways to do things like what you mentioned but by compromising literally thousands of computers.

                      As far as the ICMP requests, how far did you get into tearing apart the packet itself?

                      Do you know how to take the information that Wireshark gives you beyond just the port and protocol?

                      What type of app are you speaking of? I mean what language?
                      • Re: Free Network Monitoring Tools
                        intechspecial Ranger

                        The ICMP request sounds like what is called a port scan, this is where the compromised computer is being used as a server to send UDP requests. The victim's computer is just a desktop, but the hacker installs a trojan horse that acts like a server, it then masks its IP address via some trickery, BUT it is looking for specific ports to attack. When it finds an unsecure port it floods that port until it can make a connection via that specific port. It then installs the same trojan horse on the unsuspecting new computer.

                        Many, many attacks like this and the hacker has control over many PCs. If he sees any trouble, all he has to do is remove the trojan horse, and he is untraceable.

                        As far as a network engineer, I have seen more programmers than network engineers do this type of thing, as they can write the programming language for just this type of thing, and a network engineer is typically weak on the programming side of things, although his vast understanding of everything from the OSI Model up will make things easier for him if he needs to look into problems.

                        I at one point thought about furthering my career into the world of CISCO certifications, but man this is the work of a rocket scientist. I was going to try to scale down to just a simple ethical hacker cert, but the mere sound of it did not seem admirable to me. If you tell someone you are a certified Ethical Hacker, they think you are a criminal and do not understand that you actually work in security. I do not know how much weight it holds in the Network Security side of things, if any.

                        During my education, I found there are some unbelievably well-paying contracts on the end of Network Security. If you can become a reputable and accomplished Network Security Engineer or even just a Security Analyst, you are well on your way to hitting 6 figures. This one team I knew of would work on 2 week projects. They would get a bid on a major gig where the objective was to hack a secure network. Let's say a bank would hire them for the project. As a Security Analyst you had better have the background of a saint, because if they found out you stole a candy bar when you were 14, you're done. So anyways, these guys would get the contract and the objective was to hack into the network. The bank would leave a folder deep within the network, well beyond the CISCO router, and past the Global Domain Server. There was a specific folder that was as secure as Fort Knox that they had to get a "code from". So the Security Analysts would work potentially 2 weeks without much sleep. They were given all of the resources they would have in a real world situation. The IT Department would continue on their normal daily activities of monitoring and such, unknown to them there was this contract going on in the background. Once the analysts got in, they then wrote up a complete book on the issues and how they did things to get in. They built a custom solution and then offered extensive training and made recommendations to the head of the IT department as to what changes they needed and would offer training as well if needed. So at the end of about the third week, payday.



                        My MCSA and other certifications allow me to have a much greater understanding of how everything works on the Engineering side of things, and now my abilities and advances in programming make the whole picture come together a lot easier. I was just a year or so away from getting my Systems Engineer Certification when I ran out of funding to continue. The Systems Administrator Cert was a great addition, but really I only worked on a tech level, with some project management along the way.
                          • Re: Free Network Monitoring Tools
                            intechspecial Ranger
                            Sorry my paragraphs got mixed up a bit there.

                            So at the end of the three weeks, payday.

                            Guess what their pay was?

                            At minimum, 80k and potentially well over 120k dependent on the depth and detail of the security analysis.

                            Unfortunately for me, I might think I am a "Computer Scientist" in training, but I am by no means a Rocket Scientist.

                            I expect you need a minimum IQ of 140 (genius) to even think about this level of work.
                    • Re: Free Network Monitoring Tools
                      ericsully Newbie
                      This is the monitoring tool I use right now and it's free