Linux and the packet sniffer


SUBMITTED BY: sahertian

DATE: June 20, 2016, 6:02 p.m.


  1. Tcpdump is the most popular general-purpose packet analyzer. It uses the libpcap library to capture packets at OSI layer 2 (e.g., Ethernet, PPP, and SLIP) and above. Tcpdump supports regular expressions for advanced packet filtering, and allows one to export and import packet dumps to and from a file. http://www.tcpdump.org/
  2. Wireshark (formerly known as Ethereal) is an open-source packet analyzer with a graphical front end. Functionality-wise, Wireshark is quite similar to tcpdump, and is available on multiple platforms including Linux, BSD, Mac OS X, and MS Windows. https://www.wireshark.org/
  3. Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly, and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. https://ettercap.github.io/ettercap/
  4. Aircrack-ng is a complete suite of tools to assess WiFi network security. All tools are command-line, which allows for heavy scripting, and a lot of GUIs have taken advantage of this feature. It works primarily on Linux but also on Windows, OS X, FreeBSD, OpenBSD, NetBSD, Solaris, and even eComStation 2. It focuses on different areas of WiFi security. http://www.aircrack-ng.org/
  5. Kismet is a wireless network detector and intrusion detection system for 802.11 wireless links, supporting 802.11a, 802.11b, 802.11g, and 802.11n. It identifies wireless clients and their network associations by passively collecting packets on wireless network card interfaces. Kismet also detects active wireless sniffing programs, alerting on wireless network attacks. https://www.kismetwireless.net/
  6. Snort is an open-source intrusion detection system that relies on real-time network sniffing and analysis. Snort conducts extensive protocol analysis and content matching to detect a variety of network attacks and hostile scans. https://www.snort.org/
  7. P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communication (often from as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting and introducing the ability to reason about application-level payloads (e.g., HTTP). http://lcamtuf.coredump.cx/p0f3/
  8. Dhcpdump snoops on DHCP request/response traffic captured by the libpcap library and displays the DHCP packets in a human-readable format. Dhcpdump is useful for DHCP debugging and troubleshooting.
  9. Hcidump is a Bluetooth traffic sniffer which captures HCI packets associated with Bluetooth devices and displays Bluetooth-related activity in a human-readable format.