NetHogs - Small 'net top' tool

NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to indentify programs that have gone wild and are suddenly taking up your bandwidth.

Since NetHogs heavily relies on /proc, it currently runs on Linux only.

 Now supported:

• Shows TCP download- and upload-speed per process
• Supports both IPv4 and IPv6
• Supports both Ethernet and PPP

Ideas/ToDo for new releases:

• Incoming UDP packets?
• Sort the output by other values than network usage
• Monitor specific processes
• Make it work correctly on machines with multiple IP addresses
• Integrate into another tool?
• gui? 

Download NetHogs

Read More

[Microsoft Network Monitor 3.4] Tool to allow capturing and protocol analysis of network traffic

Microsoft's Network Monitor is a tools that allow capturing and protocol analysis of network traffic. Network Monitor 3 is a protocol analyzer. It enables you to capture, to view, and to analyze network data. You can use it to help troubleshoot problems with applications on the network. This article contains download and support information, installation notes, and general usage information about Network Monitor 3. Network Monitor 3.4 is the latest version.

Network Monitor 3 is a complete overhaul of the earlier Network Monitor 2.x version. Some key features of Network Monitor 3 include the following:

• Script-based parser model with frequent updates
• Concurrent live capture sessions
• Support for Windows 7
• Support for 32-bit platforms and for 64-bit platforms
• Support for network conversations and process tracking
• API to access capture and parsing engine
• Wireless Monitor Mode Capturing

Supported Operating System

Windows 7, Windows 8, Windows Server 2003 Service Pack 2, Windows Server 2003 Service Pack 2 x64 Edition, Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2012, Windows Vista 64-bit Editions Service Pack 1, Windows Vista Service Pack 1, Windows XP 64-bit, Windows XP Service Pack 3

Hardware

• 1 GHz or greater CPU
• 1 GB or greater memory
• 60 MB free hard disk space plus extra room for capture files

Download Microsoft Network Monitor 3.4

Read More

[tcpxtract] Tool for Extracting Files from Network Traffic

tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called "carving") is an age old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. Tcpxtract uses this technique specifically for the application of intercepting files transmitted across a network. Other tools that fill a similar need are driftnet and EtherPEG. driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and is commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG is that they only support three filetypes with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundries. tcpxtract features the following:

Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file.

• With a quick conversion, you can use your old Foremost config file with tcpxtract.
• Custom written search algorithm is lightning fast and very scalable.
• Search algorithm searches across packet boundries for total coverage and forensic quality.
• Uses libpcap, a popular, portable and stable library for network data capture.
• Can be used against a live network or a tcpdump formatted capture file.

Download tcpxtract

Read More