tcpdump
This program allows you to dump the traffic on a network. tcpdump
is able to examine IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS,
BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other packet
types.
It can be used to print out the headers of packets on a network
interface and to filter packets that match a certain expression. You can
use this tool to track down network problems, to detect "ping attacks"
or to monitor network activities.
Canonical provides critical updates for tcpdump until October 2010.
Wireshark
Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. A sniffer is a tool used to capture
packets off the wire. Wireshark decodes numerous protocols (too many
to list).
This package provides wireshark (the GTK+ version).
Canonical does not provide updates for wireshark. Some updates may be provided by the Ubuntu community.
tcpflow
tcpflow is a program that captures data transmitted as part of TCP
connections (flows), and stores the data in a way that is convenient
for protocol analysis or debugging. A program like 'tcpdump' shows a
summary of packets seen on the wire, but usually doesn't store the
data that's actually being transmitted. In contrast, tcpflow
reconstructs the actual data streams and stores each flow in a
separate file for later analysis.
tcpflow understands sequence numbers and will correctly reconstruct
data streams regardless of retransmissions or out-of-order delivery.
However, it currently does not understand IP fragments; flows
containing IP fragments will not be recorded properly.
tcpflow is based on the LBL Packet Capture Library and therefore
supports the same rich filtering expressions that programs like
'tcpdump' support. tcpflow can also rebuild flows from data captured
with 'tcpdump -w'.
Canonical does not provide updates for tcpflow. Some updates may be provided by the Ubuntu community.
netdude
http://netdude.sourceforge.net/
The Network Dump data Displayer and Editor (Netdude) is a framework for inspection, analysis and manipulation of tcpdump trace files. It addresses the need for a toolset that allows easy inspection, modification, and creation of pcap/tcpdump trace files. Netdude builds on any popular UNIX-like OS, such as Linux, the BSDs, or OSX.