ntopng alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

64

Alternative: graudit

Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.

Project details

graudit is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • code analysis

graudit project page

85

Alternative: Xplico

Xplico is a forensics analysis tool to investigate the traffic patterns in a pcap file. It is released as a GPL project, with some scripts under a CC license.

With Xplico, analysis can be performed on captured internet traffic. The data stored in a pcap file can then be displayed and the related protocol data can be extracted from the capture file. This may include emails, HTTP sessions, VoIP calls, or anything that can be recognized and stored.

84

Alternative: addrwatch

Addrwatch is a tool similar to arpwatch to monitor IPv4/IPv6 and ethernet address pairing.

Like arpwatch, addrwatch monitors the pairing between Ethernet and IP addresses.

Main features:

  • IPv4 and IPv6 address monitoring
  • Monitoring multiple network interfaces with one daemon
  • Monitoring of VLAN tagged (802.1Q) packets
  • Output to stdout, plain text files, syslog, sqlite3, MySQL
  • IP address usage history preserving output and logging

84

Alternative: arping

arping is a tool for the discovery of hosts on a computer network using the Address Resolution Protocol (ARP).

arping is similar to the 'ping' utility for testing a network and the discovery of systems. Where the 'ping' command typically uses the Internet Control Message Protocol (ICMP), arping uses the Address Resolution Protocol (ARP).

63

Alternative: ArpON

ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).

ArpON protects a system by running as a daemon and guarding against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

The tool works by using three types of inspection to detect a related attack.

  • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
  • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
  • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

Project details

ArpON is written in C.

Strengths

  • + The source code of this software is available

ArpON project page

52

Alternative: arp-scan

arp-scan is a security tool that sends ARP packets to hosts on the local network. Any responses to the requests are displayed.

The arp-scan utility can be used to detect hosts on the network. As it uses ARP, it only applies to IPv4, as IPv6 uses the neighbour discovery protocol (NDP).

74

Alternative: hping

hping is a tool to assemble and analyze TCP/IP packets. The interface looks like the common ping command, yet allows more than just ICMP echo requests.

Used for: Firewall testing, port scanning, network testing, traceroute, OS fingerprinting, uptime guessing, TCP/IP auditing

Supported protocols: TCP, UDP, ICMP and RAW IP

Abilities: traceroute mode, send files over a covert channel

According to the website, hping is no longer actively developed. Some changes may be integrated into the source tree at GitHub.

Project details

hping is written in C.

Strengths

  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available
  • - No updates for a while

Typical usage

  • network analysis
  • penetration test

hping project page

74

Alternative: Scapy

Scapy is an interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols and send and capture them.

Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It also allows you to inject custom 802.11 frames, or combine other attacking techniques.

According to the description of the author, Scapy can replace hping, most of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, and p0f.

Project details

Scapy is written in Python.

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Many provided pull requests are still open

Typical usage

  • network analysis
  • security assessment

Scapy project page

72

Alternative: THC IPv6 Attack Toolkit (thc-ipv6)

THC IPv6 Attack Toolkit is a set of utilities. It can be used for penetration testing and security assessments of correct network implementations.

Tools:
- parasite6: ICMPv6 neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP MitM (and parasite)
- alive6: an effective alive scanning, which will detect all systems listening to this address
- dnsdict6: parallel DNS IPv6 dictionary brute-forcer
- fake_router6: announce yourself as a router on the network, with the highest priority
- redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever ICMPv6 redirect spoofer
- toobig6: mtu decreaser with the same intelligence as redir6
- detect-new-ip6: detect new IPv6 devices which join the network, you can run a script to automatically scan these systems etc.
- dos-new-ip6: detect new IPv6 devices and tell them that their chosen IP collides on the network (DOS).
- trace6: very fast traceroute6 which supports ICMP6 echo request and TCP-SYN
- flood_router6: flood a target with random router advertisements
- flood_advertise6: flood a target with random neighbor advertisements
- fuzz_ip6: fuzzer for IPv6
- implementation6: performs various implementation checks on IPv6
- implementation6d: listen daemon for implementation6 to check behind a firewall
- fake_mld6: announce yourself in a multicast group of your choice on the net
- fake_mld26: same but for MLDv2
- fake_mldrouter6: fake MLD router messages
- fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
- fake_advertiser6: announce yourself on the network
- smurf6: local smurfer
- rsmurf6: remote smurfer, known to work only against Linux targets at the moment
- exploit6: known IPv6 vulnerabilities to test against a target
- denial6: a collection of denial-of-service tests against a target
- thcping6: sends a handcrafted ping6 packet
- sendpees6: a tool by willdamn@gmail.com, which generates neighbor solicitation requests with a lot of CGAs (crypto) to keep the CPU busy.

Project details

THC IPv6 Attack Toolkit is written in C.

Strengths

  • + Project is mature (10+ years)
  • + The source code of this software is available

Typical usage

  • network analysis
  • penetration test
  • security assessment

THC IPv6 Attack Toolkit project page

93

Alternative: Yersinia

Yersinia is a framework to perform layer 2 attacks. It can be used for pentests and security assessments to test network safeguards.

The Yersinia tool takes advantage of known weaknesses in several network protocols. By trying to abuse these weaknesses during a test, it helps to ensure that network protections are implemented where possible.

Related protocols:

  • Spanning Tree Protocol (STP)
  • Cisco Discovery Protocol (CDP)
  • Dynamic Trunking Protocol (DTP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Hot Standby Router Protocol (HSRP)
  • 802.1q
  • 802.1x
  • Inter-Switch Link Protocol (ISL)
  • VLAN Trunking Protocol (VTP)

100

Alternative: IVRE

IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

Project details

IVRE is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - More than 10 contributors
  • - More than 500 GitHub stars

Typical usage

  • digital forensics
  • information gathering
  • intrusion detection
  • network analysis

IVRE project page

89

Alternative: Wireshark

Wireshark is the well-known network protocol analyzer. It allows you to see what is happening on the network and zoom into the details of the network protocols.

Wireshark is a mature project with many users all over the world. Its library is stable and can be used by both graphical and text-based interfaces. With many books and even conferences around the subject, this tool is a safe bet to have in your toolbox.

Project details

Wireshark is written in C.

Strengths

  • + The source code of this software is available
  • + Well-known tool

Typical usage

  • network analysis
  • network traffic analysis
  • security assessment
  • troubleshooting

Wireshark project page

64

Alternative: Maltrail

Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

Project details

Maltrail is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - More than 10 contributors
  • - More than 2000 GitHub stars

Typical usage

  • intrusion detection
  • network analysis
  • security monitoring

Maltrail project page

89

Alternative: mitmproxy (mitmproxy)

The mitmproxy tool allows you to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

Project details

mitmproxy is written in Python.

Strengths

  • + More than 50 contributors
  • + More than 7000 GitHub stars
  • + The source code of this software is available

Typical usage

  • network analysis
  • penetration test
  • security assessment

mitmproxy project page