2.3 Network monitoring tools

Most experts who deal with a network will know about the Wireshark tool. Wireshark is available on both Linux and Windows. Microsoft provides the Microsoft Network Monitor tool, which has packet sniffing capability. One additional advantage it has is that it tells us which process is creating the network communication. One can easily associate a network connection with a process, which is an added advantage over other network monitoring tools:

Microsoft Network Monitor version 3.4

This makes it easier for an analyst to identify:

  • Which process creates the connection.
  • Unusual network connections from Windows system processes such as explorer.exe and winlogon.exe; if we see these, we may suspect that malware has injected code into the process.

FakeNet is another important tool. Sometimes we don't want the malware to connect to its C&C server. Also, C&C servers are sometimes offline, and since the malware waits for communication from its C&C server, it does not perform the rest of its functions. FakeNet can deceive the malware by providing a fake network connection, so the malware believes it has connected to its C&C server.
