Cybercrimes occur in the 7 OSI layers, but analysis, data collection and often the onset of these attacks occur in the early layers. For a detailed analysis of a network operating with the TCP/IP protocol stack, we must use all available and necessary tools to locate possible security failures that can compromise the three foundations of information security, Reliability, Integrity and Availability. I have selected some tools that are used by administrators and h4ck3rs, which can be used separately or in a mix of linux commands. They are basically audit tools, vulnerability analysis and information collection, which have been hidden for some years, but with the growth of the focus on digital security they have been used by everyone. Kismet Wash Aircrcak-ng {Airmon-ng , Airodump-ng, Aireplay-ng} Reaver Pyrit Wifite Driftnet Nmap Hping3 Netcat Nikto Nessus Dsniff { Arpspoof, dnsspoof, macof, webmitm, sshmitm, tcpkill, filesnarf, mailsnarf, urlsnarf, msgsnarf, sshow} Traceroute Hydra Wireshark