I've been toying with Live distros (CD, then USB) for many years, in
support of security toolsets, to which I kept adding my own stuff, or
customizing existing components.
I am now trying to "build" a network toolset LiveCD/USB, but this time with
a completely different purpose: I would like to put it in the hands of all
remote offices we have on our network, and use it to have local systems
boot out of it, and help us then run troubleshooting tools, from the
central office, by SSH/X-ing into the remote live system (e.g. iperf,
hping3, httping, tcping, mtr, tcpdump, voip tools, some "thin"
clients/apps, synthetic transactions scripted to run at diff time
intervals, and report back to us the "health" seen from the remotes, etc.).
Has anybody used a "base" network tools Live CD/USB that they would
recommend, having used as "basis" for such a "network probe" functionality?
NOTE: I assume *nix based (Linux or BSD flavors), not Windows ...

http://www.kali.org/ - it is completely customizable, as well.

Should have mentioned what I already use for security toolset base: Kali
and Security Onion ...

Alternatively, GRML Linux:
I understand it is more about admin than pentesting. Also, last time I
downloaded (a few months ago), images were somewhere in <=~ 400MB area (vs
Kali's 2GB, AFAIK). I am not sure about customizations. It is some kind of
Debian's relative, so, in theory, why not.
BTW, I am a long-time lurker and this is my first post here, so hello
everybody. You guys know what your interests are - mine are there, too,
either full set or a subset.

live-build (Debian based) is what I've been using, and has the benefit of
allowing you to pick and choose from Debian's vast repository. Here's my
latest build script:

I use Voyage Linux: http://linux.voyage.hk/
In several modes:
- Bootable USB flash drive
- On PC Engines ALIX boards from Compact Flash
- And in a few instances on servers with spinning disks, and desktop with
minimal window system
The bootable USB stick has been used extensively for iperf + tcpdump +
analysis from PCs at remote locations. We either have people copy an image
to the USB stick, or mail them a stick. Then they can turn (almost) any PC
into a network analysis tool. We have the system report its IP address at
boot time, and then we ssh in.

I'm toying with a similar idea, though of putting a Raspberry Pi in remote
offices to do tests from. I'm just looking for something I can ssh to,
however, it also doesn't seem like much of a stretch to put some kind of
web-based screen that someone in the office could run an automated scan, and
read us off information that might help.

There is a lot to be said for the RaspberryPi, but network throughput, and
especially processing power are limited. My tests show that the RaspberryPi
could push only about 46 Mbps of iperf while most PCs configured the same
way get almost to wire speed (100 Mbps or 1Gbps), and processing 30 seconds
of 45 Mbps traffic on the RaspberryPi takes many minutes. But, if you want
to test slower circuits, it can't be beat for cost, size, flexibility.
I am expecting delivery of a Parallella board in October and will be
testing it for iperf capability at GigE speed.