ATT Linux
ATT Linux (Advanced Threat Tracing Linux) is a **security distribution** based on **Kali Linux** that specializes in **network forensics, packet analysis, and real-time intrusion analysis**.
Base and Philosophy
- Base Distribution: Based on **Kali Linux** (Debian-based), providing access to a vast repository of security tools, but with a specific focus on network-level investigation.
- Goal: To provide a non-intrusive, portable platform that security analysts can use to passively monitor network traffic, capture and analyze data packets, and trace the source and nature of network intrusions in real time.
Core Features
- Packet Analysis Suite: Ships with the full suite of network forensics tools, including **Wireshark, Tshark, tcpdump, and specialized flow analyzers**, pre-configured for high-speed packet capture.
- Intrusion Detection: Includes powerful open-source Intrusion Detection Systems (IDS) like **Snort** and **Suricata** running in analysis mode, with tools for visualizing and correlating alert data.
- Network Mapping: Features advanced tools for mapping network topology, identifying all active hosts, and quickly pinpointing the origin of suspicious traffic or unauthorized devices.
- Target User: Network forensic investigators, incident response teams, and security operations center (SOC) analysts who require a powerful, dedicated system for deep-level network protocol analysis and threat hunting.
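To make the "correlating alert data" part of the Intrusion Detection feature concrete, the following is an added Python example; it is not code from ATT Linux, Kali, Suricata or this page. It reads Suricata-style EVE JSON output (the `eve.json` that Suricata writes in analysis mode), keeps only `alert` events, and groups them by source host so an analyst can see which hosts are generating the most and the most serious alerts and which are touching many distinct targets. The log lines, signature names and signature IDs (chosen in the 1000000+ range that Suricata reserves for local rules) are constructed for the example; the field names used (`event_type`, `src_ip`, `dest_ip`, `alert.signature`, `alert.signature_id`, `alert.severity`) are Suricata's EVE alert fields, and the example assumes Suricata's convention that severity 1 is the highest priority.

```python
import json
from collections import defaultdict

# Constructed sample eve.json lines (no real traffic, local-rule SIDs only).
# One non-alert event and one malformed line are included on purpose so the
# parser's skip logic is exercised.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.20","dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL SSH probe (constructed)","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"10.0.0.20","proto":"TCP"}',
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.21","dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL SSH probe (constructed)","severity":2}}',
    '{"timestamp":"2024-01-01T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.20","dest_port":80,"proto":"TCP","alert":{"signature_id":1000002,"signature":"LOCAL suspicious HTTP response (constructed)","severity":1}}',
    'this line is not JSON and must be skipped, not crash the run',
    '{"timestamp":"2024-01-01T10:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.22","dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL SSH probe (constructed)","severity":2}}',
]


def parse_eve_alerts(lines):
    """Yield parsed EVE 'alert' events; silently skip other event types and malformed lines."""
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert" and "alert" in event:
            yield event


def correlate_by_source(events):
    """Group alerts by source IP.

    For each source: total alert count, the set of distinct destination hosts,
    a per-signature count, and the worst severity seen (lower number = worse,
    following Suricata's priority convention).
    """
    summary = {}
    for ev in events:
        entry = summary.setdefault(ev["src_ip"], {
            "alerts": 0,
            "targets": set(),
            "signatures": defaultdict(int),
            "worst_severity": None,
        })
        entry["alerts"] += 1
        entry["targets"].add(ev["dest_ip"])
        entry["signatures"][ev["alert"]["signature"]] += 1
        sev = ev["alert"].get("severity")
        if sev is not None and (entry["worst_severity"] is None or sev < entry["worst_severity"]):
            entry["worst_severity"] = sev
    return summary


def flag_wide_sources(summary, min_targets=3):
    """Return sources whose alerts touched at least min_targets distinct hosts.

    A single signature firing against many hosts from one source is the classic
    shape of a scan, which per-alert views tend to hide.
    """
    return sorted(src for src, e in summary.items() if len(e["targets"]) >= min_targets)


def rank_sources(summary):
    """Order sources for triage: worst severity first, then most alerts."""
    return sorted(summary, key=lambda s: (summary[s]["worst_severity"] or 99, -summary[s]["alerts"]))


if __name__ == "__main__":
    summary = correlate_by_source(parse_eve_alerts(SAMPLE_EVE_LINES))
    for src in rank_sources(summary):
        e = summary[src]
        print(f"{src}: {e['alerts']} alerts, {len(e['targets'])} targets, "
              f"worst severity {e['worst_severity']}, signatures {dict(e['signatures'])}")
    print("sources hitting many hosts:", flag_wide_sources(summary))
```

In a live deployment the same functions would be fed from the running `eve.json` (for example by tailing the file) rather than from the constructed list; grouping by source and by distinct targets is what turns a stream of individual IDS alerts into the "where is this coming from" answer the distribution's network-mapping and tracing goals call for.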