Geekbuzz - Be a Network Spy : Top 5 Tools in the CLI

Want to know why your ping times suck in Battlefield 4? Be careful, you might actually enjoy learning how to troubleshoot your network in the command line. Monitor performance, bandwidth usage and much more using simple code.

I feel like, again, the title promised more than the actual content provided.
The tools you showed in the video either are the most basic programs there are for network-troubleshooting or simply grab information that is freely available on the web.
I would hardly call these spy-tools, except for iftop.
Taking over someone's Facebook account he/she carelessly left logged in is not hacking...

NMAP would be a top spy-tool I expected to see in a top-networking-tools list, a versatile portscanning-tool that actual hackers use to find a machine's weaknesses for an attack.
Also useful to scan your home-subnet to find a machine of which you do not know the address.
It is not an attack-software nor considered illegal, unless you are one of those government officials who still print out the internet.
It is more like checking the state of every door and window of a building from outside the premises.

iftop looks handy. I'll give that a shot

ping: Some hosts turn off ICMP responses, since ping and friends can be used to mount cheap DoS attacks. So the lack of a ping response isn't clinching proof that a host is inaccessible.

traceroute: Similar problem -- some hosts will discard packets whose TTL has dropped to zero, rather than returning an error to the originator. Also some hosts and/or routers in between don't want you to know how they're hooked together, so they'll nerf TTL errors as well.

dig: RTFRFC. `dig` basically emits and receives DNS queries directly. If you don't know the DNS protocol or the database record structure it uses, there's a good chance you'll misinterpret the results.

iftop: Huh, never heard of this one. Reminds me a bit of `iptraf`...

whois: Not really all that useful for diagnosing network trouble. However, it can give you a rough idea of whose rogue network is sending you all those bruteforce SSH login attempts (*cough*hinet.net*cough*)...
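The post's point about `dig` is that its output only makes sense if you know the wire format it speaks. As an added illustration (not from the video or this thread), the following Python parses a constructed DNS response the way a resolver does: the header flags (AA clear means the answer came from a cache, not the authoritative server), the question, and a CNAME-then-A answer chain with name compression. The sample bytes are constructed, not captured; only the standard library is used.

```python
import struct

# Constructed (not captured) reply to "example.com A": a CNAME to www.example.com plus
# that name's A record. Flags 0x8180 = QR, RD, RA set; AA clear (served from a cache).
SAMPLE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x05\x00\x01\x00\x00\x01\x2c\x00\x06\x03www\xc0\x0c"         # CNAME, TTL 300
    b"\x03www\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x01"  # A, TTL 60
)
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 15: "MX", 16: "TXT", 28: "AAAA"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def read_name(msg, off, hops=0):
    # Decode a possibly compressed name; return (name, offset just past it).
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer (RFC 1035 4.1.4)
            if hops > 16:
                raise ValueError("pointer loop in name")   # malformed or hostile message
            end = end if end is not None else off + 2
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
        elif n == 0:
            break
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels) or ".", end if end is not None else off + 1

def parse_response(msg):
    # Return (header flags, questions, answers) from a wire-format DNS message.
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    hdr = {"id": ident, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200),
           "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080), "rcode": RCODES.get(flags & 0xF, flags & 0xF)}
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        questions.append((name, TYPES.get(struct.unpack("!H", msg[off:off + 2])[0], "?")))
        off += 4                                   # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1:                             # A: four octets
            data = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype in (2, 5):                      # NS/CNAME: a name, itself possibly compressed
            data = read_name(msg, off)[0]
        else:
            data = msg[off:off + rdlen].hex()
        answers.append({"name": name, "type": TYPES.get(rtype, rtype), "ttl": ttl, "data": data})
        off += rdlen
    return hdr, questions, answers
```

Note that the A record's owner name is `www.example.com`, not the name you asked for, and its TTL is the cache's remaining lifetime, two details that are easy to misread in `dig` output.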

^^ True, it's best practice to disable ICMP responses.

Who is this video for? People who are already comfortable with the command line and already know about these very basic tools, or raw novices who are too scared to even venture to the black screen of doom.

Thanks for the well explained video! As a Windows user I knew already a lot of them or at least their Windows equivalents. There still seems to be a little gap in tools on Windows considering iftop. Or is it available for Windows with a different name?

StHubi:
Thanks for the well explained video! As a Windows user I knew already a lot of them or at least their Windows equivalents. There still seems to be a little gap in tools on Windows considering iftop. Or is it available for Windows with a different name?

Nixie mentioned Wireshark as a better tool for capturing network-traffic.
It is practically iftop with a graphical user interface (short: GUI).

Be aware though, that sniffing public wireless communications is a legally and morally gray area, if not entirely illegal in your country.
We are talking about invading the privacy of others by tapping into their traffic here and not everyone uses, or can use, encryption.

Hacker-Ethic is the keyword here.
Would also be a nice topic for a future episode, elaborating a bit about the minds and ideas behind the screens.

Stryker:
Nixie mentioned Wireshark as a better tool for capturing network-traffic.
It is practically iftop with a graphical user interface (short: GUI).

Be aware though, that sniffing public wireless communications is a legally and morally gray area, if not entirely illegal in your country.
We are talking about invading the privacy of others by tapping into their traffic here and not everyone uses, or can use, encryption.

I know Wireshark already and it is illegal to use it in my country unless you have the permission of the network owner... Normally I prefer command line utilities if they are available, but Wireshark does a REALLY good job.

Flunk:
^^ True, it's best practice to disable ICMP responses.

Who is this video for? People who are already comfortable with the command line and already know about these very basic tools, or raw novices who are too scared to even venture to the black screen of doom.

I found it quite useful, myself. I'm pretty comfortable with workaday UNIX commands, but very rarely venture into the world of networking.

I knew ping was a thing, of course, and I was aware of traceroute and whois but didn't realize they were available as CLI utilities. iftop and dig were strictly new information.
