
Setting Network Analysis Tools on Ubuntu 16.04 LTS

The reason for using Ubuntu is the availability of some great tools that are difficult to get working on Windows systems. Since we are building an All In One VM, which already supplies the Insight GDB front end built previously, we will stick to the latest 16.04 LTS, which, having just been released on April 21st, will cover the next 5 years.

Also, while building is fun, the goal is having a working set of tools that fulfills customer needs for as long as possible, so relax until 2021 and use the result.

Our VM will supply the following tools:

  1. Wireshark
    Wireshark is a well known free network analysis software, with a rich GUI and support for a wide range of protocol dissectors. Its motto is “Go Deep”.
    It is also available on Windows, where it is usually used when no other software needs to be bundled in an AIO fashion.
  2. Scapy

    The apparently innocuous scapy shell

    Python has a solid tradition in network analysis, and a consistent body of literature covers the use of Python to build network related tools.
    If Wireshark “Goes Deep”, scapy “Goes Deeper Than Deep”.
    Created and developed by Philippe Biondi and the community around it, scapy allows surgical dissection, creation, sending and sniffing of any packet, with graphical support to display all of a packet’s details.

    The details of a packet

    What makes scapy great is that, being a Python library, all its features can be part of a Python script of any complexity and functionality.
    But to use scapy and take advantage of it, solid Python knowledge is needed.

  3. Some other command line tools
    There are other tools that can be useful, such as tcpdump and nmap.
    While tcpdump is already installed, nmap needs to be installed:

    sudo apt-get install nmap
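The “surgical dissection” scapy is praised for above is, at bottom, parsing protocol headers out of raw bytes and layering them back together. The following added example, which is not from the original post and is not scapy’s own code, does both for a constructed Ethernet/IPv4/TCP frame using only the Python standard library, so it runs without scapy installed and without root. The MAC and IP addresses, ports and the frame itself are constructed sample values; the field layouts follow RFC 791 and RFC 793.

```python
import struct
from ipaddress import IPv4Address

# Constructed example: a minimal Ethernet/IPv4/TCP builder and dissector using only
# the standard library. Field layouts follow RFC 791 (IPv4) and RFC 793 (TCP).

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words.
    Run over a header whose checksum field is zero to compute it; run over a
    complete header to verify it (the result is 0 when the header is intact)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def dissect_ethernet(frame: bytes) -> dict:
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src), "type": ethertype,
            "payload": frame[14:]}


def dissect_ipv4(packet: bytes) -> dict:
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, options included
    header = packet[:ihl]
    return {"version": ver_ihl >> 4, "ihl": ihl, "total_len": total_len,
            "id": ident, "ttl": ttl, "proto": proto,
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "checksum_ok": ipv4_checksum(header) == 0,
            "payload": packet[ihl:total_len]}


def dissect_tcp(segment: bytes) -> dict:
    sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    data_off = (off_flags >> 12) * 4    # data offset in bytes
    flag_bits = off_flags & 0x01FF
    flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": win, "payload": segment[data_off:]}


def dissect(frame: bytes) -> dict:
    """Walk the layers the way a protocol dissector does: each layer's
    demultiplexing field (EtherType, IP protocol number) selects the next parser."""
    layers = {"eth": dissect_ethernet(frame)}
    if layers["eth"]["type"] == 0x0800:              # IPv4
        layers["ip"] = dissect_ipv4(layers["eth"]["payload"])
        if layers["ip"]["proto"] == 6:               # TCP
            layers["tcp"] = dissect_tcp(layers["ip"]["payload"])
    return layers


def build_ipv4_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport,
                         flags, payload=b"") -> bytes:
    """Layer Ethernet/IPv4/TCP headers the way scapy's `/` operator does,
    filling in the IPv4 header checksum. The TCP checksum (which needs a
    pseudo-header) is left at zero to keep the example short."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags,
                      8192, 0, 0) + payload
    total_len = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, 6, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + struct.pack("!H", 0x0800))
    return eth + ip + tcp


if __name__ == "__main__":
    # Constructed sample: a TCP SYN from 10.0.0.1:40000 to 10.0.0.2:80.
    frame = build_ipv4_tcp_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                                 "10.0.0.1", "10.0.0.2", 40000, 80, 0x002)
    for name, layer in dissect(frame).items():
        print(name, {k: v for k, v in layer.items() if k != "payload"})
```

Feeding `dissect()` the bytes of a real capture (for example one frame read from a pcap file) shows the same fields Wireshark’s dissectors display; the `checksum_ok` flag is the kind of consistency check a dissector performs, and it turns false as soon as any header byte is altered in transit.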

Installing Wireshark from the Ubuntu repository

Wireshark is included in the default Ubuntu repository, although it may not be the latest version.

Ubuntu 16.04 LTS was released 3 days ago, so it contains a current version. So currently it can be set up using the following command:

sudo apt-get install wireshark

Installing Wireshark from Launchpad

If the available version later becomes out of date, a more recent one can be obtained from the Launchpad repository, which can be added in this way:

sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt-get update

and then:

sudo apt-get install wireshark

Currently the Launchpad repository does not have a version for 16.04 LTS; it only goes up to 15.10.

To be able to capture as a non-root user, the execution permissions of dumpcap need to be changed:

sudo chmod 755 /usr/bin/dumpcap
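Capturing as a non-root user depends on more than dumpcap’s execute bits: Wireshark runs dumpcap to open the capture socket, and that needs raw-socket privilege, which the binary only confers when it is setuid root or carries the cap_net_raw and cap_net_admin file capabilities (on Ubuntu that is what `sudo dpkg-reconfigure wireshark-common`, answering yes, sets up together with membership in the wireshark group). The following added check, which is not from the original post, separates the decision into a pure function that can be exercised with constructed values and a wrapper that inspects the real binary; the `getcap` output lines in the docstring are constructed samples of the two formats libcap has used, and the function names are my own.

```python
import os
import stat
import subprocess

# Capabilities dumpcap needs to open a capture socket as a non-root user.
CAPTURE_CAPS = {"cap_net_raw", "cap_net_admin"}


def parse_getcap(line: str) -> set:
    """Extract the effective+permitted capability names from one line of
    `getcap` output. Both output styles are handled (constructed samples):
        '/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip'   (older libcap)
        '/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip'     (newer libcap)
    Returns an empty set when the file carries no capabilities."""
    parts = line.strip().split(None, 1)
    if len(parts) < 2:
        return set()
    rest = parts[1].lstrip("= ").strip()
    split_at = min((i for i in (rest.find("+"), rest.find("=")) if i >= 0),
                   default=-1)
    if split_at < 0:
        return set()
    names, flagset = rest[:split_at], rest[split_at + 1:]
    if not ("e" in flagset and "p" in flagset):
        return set()
    return set(n.strip() for n in names.split(",") if n.strip())


def non_root_can_capture(mode: int, owner_uid: int, group_gid: int,
                         caps: set, user_gids: set) -> bool:
    """Pure decision function: can an unprivileged user in groups `user_gids`
    run this dumpcap with raw-socket privilege? Two things must hold:
      1. the user may execute the file (other-exec bit, or group-exec bit and
         membership in the file's group), and
      2. the file itself confers privilege: setuid root, or file capabilities
         containing cap_net_raw and cap_net_admin.
    A plain chmod 755 satisfies 1 but not 2."""
    executable = bool(mode & stat.S_IXOTH) or (
        group_gid in user_gids and bool(mode & stat.S_IXGRP))
    if not executable:
        return False
    setuid_root = bool(mode & stat.S_ISUID) and owner_uid == 0
    return setuid_root or CAPTURE_CAPS.issubset(caps)


def check_dumpcap(path: str = "/usr/bin/dumpcap") -> bool:
    """Inspect the real binary on this host (uses `getcap` from libcap)."""
    st = os.stat(path)
    try:
        out = subprocess.run(["getcap", path], capture_output=True, text=True,
                             check=False).stdout
    except FileNotFoundError:       # getcap not installed: treat as no caps
        out = ""
    return non_root_can_capture(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                                parse_getcap(out), set(os.getgroups()))


if __name__ == "__main__":
    print("non-root capture possible:", check_dumpcap())
```

Run it as the account that will use Wireshark: `False` after the chmod above means the execute bits were changed but nothing grants the capture privilege, and `True` with file capabilities (rather than setuid) is the configuration that keeps the privilege confined to the two capabilities dumpcap actually needs.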

Installing scapy

Prerequisites:

sudo apt-get install python-gnuplot
sudo apt-get install python-pyx
sudo apt-get install python-crypto

Scapy:

sudo apt-get install scapy

Get the latest version:

sudo apt-get install python-pip
sudo -H pip2 install --upgrade scapy

Now the fun part is finished. The time to use them has arrived.
