Thursday, September 30, 2010

Essential utilities for working with Layer 3 and Layer 4 devices

Networking equipments including switches and routers are the building blocks of any computer network. And if you are one lucky person who gets to meddle with these, there is nothing better than a GNU/Linux machine with few utilities to help you go inside out of these devices, traversing the entire network.

1. Serial port interface for configuration

gtkterm:

This is a cool tool, equivalent of the hyperterminal in Windows machines. You can select any of the available serial ports and configure the baud rate of the selected port with much ease. \

One negative point is users cannot directly copy/paste into the gtkterm terminal. But, we can send raw data by putting it into a text file and using the option "send raw data" in the file menu.

putty:

Needless to mention the versalile nature of this utility, which can be used to send raw data, telnet, ssh, remote login and also to access the serial ports.

I use this utility when I have to log all the configuration I do. Instead of dumping all configuration to the default log file, we can point it to any desired file ( in terminal)

putty -l /home/USER/LOGFILE


2. Packet sniffing and capture:

wireshark:

If the need is to capture and study every packet impinging on the network interface, there ain't another utility as useful as the wireshark (in GUI).
In a Debian machine, when not in root mode, wireshark does not give users the permissions to sniff the packets on the network interfaces, and hence must be run as sudo

sudo wireshark in terminal or gksudo wireshark in run prompt(alt+F2)



tcpdump:

But, when you do not have the privileges of a GUI( which is the case most of the times) and have remotely logged onto a server, the best tool to sniff packets is tcpdump. With its rich filtering options, it is the most handy tool to sniff packets. The comprhensive man page of tcpdump would throw more light on the usability.



With all these utilities and a GNU/Linux machine you are all well equipped to invade the networks :)

Addendum to original post (30/09/10)


Well this is the marvel of the community. With this post and interactions with peers, discovered an efficient terminal based packet sniffer and analyzer !

tshark ( terminal version of wireshark)
By running the next command on the terminal, you see beautiful deciphered packet data on your screen:) Pipe it and read through the entire stuff :)

raghu@fossphosis# tshark -i eth0 -V 
 
tshark packet capture

No comments:

Post a Comment