One thing about building home local area networks (LANs) is that the more you add to them, the more things can go wrong. Even when things are running smoothly, I still want to know what's going on so I can prevent minor issues from turning into a lack of connectivity, and that means lots of monitoring, testing, and poking at interfaces and appliances. Most of this I'll do from a Linux terminal, because it's just easier for me to keep the stack of network tools coherent. Most of my network hardware runs *nix variants, so I don't need to learn multiple versions of the same tools.
But the even better plan is to have a single Linux distro that encompasses the networking tools I use most, plus hundreds of others, wrapped in a security-conscious package. I've been using Kali Linux as my home networking multi-tool since before it was called Kali, when it was called BackTrack, and it's been my go-to for all networking issues. It was created for penetration testing, which means it's got tons of network testing tools built in, and I can't be without it.
Wireshark
Still my favorite packet sniffer
Wireshark is one of the best traffic analysis tools, showing you real-time packets moving through your network, their replies, data transfers, and potential suspicious activities. I can scan all network protocols running on my LAN and keep a close eye on what's happening. It's not the easiest tool to use at first, but over the years, I've become accustomed to watching the flow of data, and it's taught me a ton about how networking works in the process.
Nmap
Find out what's running on network hosts
I probably spend more time using Nmap than any other tool, partly because I'm used to network scanning from the command line, but also because it's one of the most fully-featured scanners. I can see everything that's active on my network with a simple nmap -sn, often resolving MAC addresses to the device's vendor, which helps me narrow down what's connected very quickly. I can use the plethora of command-line switches to drill down into what services are available on individual devices, open ports, and things that shouldn't be running at all.
But it's not just searching for devices I can do. Nmap can be used to monitor uptime, verify which ports are available for self-hosted services, reverse proxies, and the like, and poke at my firewall rules to see if anything was left open by accident. It'll show me if ports are filtered from the scan, which tells me that something is blocking access to those, and I can scan TCP, UDP, and ICMP to ensure my firewall and NAT rules are running as intended.
And it's got an incredibly powerful scripting engine, NSE, with a wide range of community-maintained scripts for everything from brute-forcing passwords to identifying malware-ridden hosts and checking SSL certificates. It uses Lua for scripting, so it's relatively easy to adjust or create your own scripts if you need something specific.
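An added example, not from the original article, of turning a port scan into a check for "things that shouldn't be running": it compares Nmap's grepable output (-oG) against an allow-list of ports expected to be open, and also reports filtered ports. The addresses, hostnames, allow-list and sample scan output are constructed; on a real LAN the input would come from something like nmap -oG - against your own hosts.

```sh
#!/bin/sh
# Constructed allow-list: host:port/proto entries that are expected to be open.
ALLOWED='192.168.1.10:22/tcp 192.168.1.10:443/tcp 192.168.1.20:53/udp'

# Constructed sample in Nmap grepable (-oG) format; fields are tab-separated.
sample_scan() {
  printf 'Host: 192.168.1.10 (nas.lan)\tStatus: Up\n'
  printf 'Host: 192.168.1.10 (nas.lan)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 23/open/tcp//telnet///, 8080/filtered/tcp//http-proxy///\n'
  printf 'Host: 192.168.1.20 (dns.lan)\tPorts: 53/open/udp//domain///, 80/closed/tcp//http///\n'
}

# Reads grepable output on stdin; $1 is the allow-list.
# Prints UNEXPECTED for open ports not on the list, FILTERED for blocked ones.
audit_scan() {
  awk -v allowed="$1" '
    BEGIN {
      n = split(allowed, rows, " ")
      for (i = 1; i <= n; i++) ok[rows[i]] = 1
      FS = "\t"
    }
    /^Host: / {
      split($1, h, " "); host = h[2]
      for (f = 2; f <= NF; f++) {
        if ($f !~ /^Ports: /) continue
        m = split(substr($f, 8), ports, ", ")
        for (p = 1; p <= m; p++) {
          # Entry layout: port/state/proto/owner/service/rpcinfo/version/
          split(ports[p], a, "/")
          key = host ":" a[1] "/" a[3]
          if (a[2] == "open" && !(key in ok)) {
            print "UNEXPECTED " key " " a[5]
          } else if (a[2] ~ /filtered/) {
            print "FILTERED " key " " a[5]
          }
        }
      }
    }'
}

sample_scan | audit_scan "$ALLOWED"
```

Run from cron against a saved allow-list, any UNEXPECTED line is a service that appeared since you last reviewed the host.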
Tcpdump
View, test, and simulate packet issues
Tcpdump is another tool I use often, not just for analyzing traffic sourced from my Kali installation, but also for simulating broadcast storms to see how my smart home responds. Sometimes I don't want to go through the sifting process in Wireshark, and I'll use tcpdump to sniff traffic to or from a specific IP address instead. But you can use it to capture packets from virtual network adapters, or even Bluetooth adapters attached to your computer, which is excellent for diagnosing annoying Bluetooth audio dropouts.
tcpdump -i eth0
I use it to check that VPN traffic is actually being sent through the tunnel, because packets don't always go where they're intended, and being able to see the entire packet and which flags are applied is an instant indicator of why something is happening. It's also a good way to capture .pcap files for analysis in Wireshark, since tcpdump uses fewer system resources.
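An added example, not from the original article, of the VPN check described above: it reads tcpdump -n text output captured on the physical interface and reports any packet from a LAN host to a public address other than the VPN endpoint, which is traffic that bypassed the tunnel. The endpoint address and the capture lines are constructed, and only IPv4 is handled.

```sh
#!/bin/sh
# Constructed value: public IP of the VPN server the tunnel connects to.
VPN_ENDPOINT='198.51.100.7'

# Constructed sample of `tcpdump -n -i eth0` output (physical NIC, not the tunnel).
sample_capture() {
  cat <<'EOF'
14:02:11.100001 IP 192.168.1.50.48211 > 198.51.100.7.51820: UDP, length 148
14:02:11.150004 IP 192.168.1.50.40112 > 192.168.1.1.53: 4242+ A? example.com. (29)
14:02:11.200002 IP 192.168.1.50.55012 > 203.0.113.25.443: Flags [S], seq 1000, win 64240, length 0
14:02:11.300003 IP 198.51.100.7.51820 > 192.168.1.50.48211: UDP, length 92
14:02:11.400009 IP 192.168.1.50 > 203.0.113.99: ICMP echo request, id 7, seq 1, length 64
14:02:11.500000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
EOF
}

# Reads tcpdump text lines on stdin; $1 is the VPN endpoint IP.
# LAN destinations are ignored, so DNS sent to a local resolver is not reported.
find_leaks() {
  awk -v vpn="$1" '
    function ip4(s,   o) {          # strip trailing ":" and any ".port" suffix
      sub(/:$/, "", s); split(s, o, ".")
      return o[1] "." o[2] "." o[3] "." o[4]
    }
    function is_local(ip,   o) {    # RFC 1918 ranges, multicast and broadcast
      split(ip, o, ".")
      return o[1] == 10 || (o[1] == 192 && o[2] == 168) ||
             (o[1] == 172 && o[2] >= 16 && o[2] <= 31) || o[1] >= 224
    }
    $2 == "IP" && $4 == ">" {
      src = ip4($3); dst = ip4($5)
      if (is_local(src) && !is_local(dst) && dst != vpn) {
        print "LEAK " src " -> " dst
      }
    }'
}

sample_capture | find_leaks "$VPN_ENDPOINT"
```

With the tunnel up, the only outbound public destination on the physical interface should be the endpoint itself, so an empty result is the pass condition.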
Iperf3
To test bandwidth between any two computers among other things
I spend an inordinate amount of time ensuring that the bandwidth performance between any two points on my network is working as intended, and iPerf3 is my go-to. I can even set up the server part on my phone and test the connection to it, and it's been instrumental while building out my 10GbE network links. But because it is designed to take up the entire network pipe it runs on, it can be used to test QoS, firewall, and IPSec throughput, making it more than a simple speed test. And you can use it to show jitter, test multicast, or how your router forwards packets, which is always fun to play with.
Netcat
Ah, Netcat, how will I use you today?
Netcat can be used in so many different ways that it's hard to know where to start describing it. I could use it to tunnel traffic to test machines, or simulate services, or send little messages to remote servers to see how they'll respond to new files being added. But it's also an essential tool in the chain for gaining shell access to Samsung devices via exploits, backing up your system, or feeding a dd disk write over the network, which is equal parts interesting and horrifying because there are no checks in place.
Kali Linux has a ton more useful tools, but these are the ones I use most
With over 600 tools to choose from, Kali Linux has what you need to test, monitor, and secure your network. It'll also let you poke at your existing security measures and show you whether anything needs further hardening. But even if what I need isn't on that list, it's a simple matter of installing the required packages, since it's Linux. I don't want to reinvent the wheel for network monitoring, and Kali is the go-to for security professionals worldwide, so why would I use anything else? SysLinuxOS seems good too, but I've used Kali since before it was Kali, and it's like muscle memory at this point.
