
Version 4.1 - 4.3 Security and Attack Tools

I have two different study guides that interpret this section very differently. One of them goes over DoS attack tools. I think that has been covered previously in section 4.1. But just to be sure, you will want to know about LOIC, XOIC, HULK, DDOSIM, RUDY, Tor's Hammer, PyLoris, DAVOSET, and Golden Eye. I really don't think you need to know the differences between them. I would just be familiar with them and recognize them as DoS or DDoS tools.

The other study guide starts off with listing Wireshark. Wireshark is a packet analysis tool - it is neither good nor bad. It is like a knife. A knife can be used to make a delicious meal. Or it can be used as a weapon. Since I have been using Wireshark for a very long time (and am certified in it), I should be able to answer any questions on that. If you don't have experience with this, download it and use it. It's free, and as previously stated, the Wiki page has sample captures. You should really get to know this tool in depth - it can help you in a lot of ways. The sample captures can show you how a protocol works (or breaks), and getting good with Wireshark can be a plus at work. However, like a knife, it can be used for malicious purposes. If you capture traffic towards a server and filter for passwords, you can list them neatly. There are multiple chapters in the Wireshark books on using this tool for security analysis and forensics.

The next set of tools can be found on Kali Linux (along with Wireshark). I highly recommend getting to know Kali - or at least being familiar with it for this test. It is not that expensive or time-consuming to set up a small lab with a switch and two or three computers. Find an old computer at a yard sale or grab a refurbished one from Microcenter and set up a "lab" or test network. Then load Kali on a computer and learn the tools on it. [Note: you can also do this using VMs in a virtual environment.] You can also easily find YouTube videos on these tools - but watching a video is no substitute for actually using the tool; hands-on use is the best way to learn what it does and how it works.

Metasploit is pentesting software. I doubt there would be any questions on how to use this, but know what it is and what it does. "Metasploit can be used to test the vulnerability of computer systems or to break into remote systems." Know the Metasploit Framework and be familiar with the various parts of it. Know that "Metasploitable" is an intentionally vulnerable virtual Linux machine. This is used with Metasploit to demonstrate using the Metasploit Framework to exploit known vulnerabilities. [There is great joy in getting your first meterpreter shell.] While you're at it, you may also want to play with Armitage (it's kinda cool).

Nessus is a vulnerability scanner. Aircrack captures wireless packets and cracks wireless encryption keys. Snort is a packet sniffing and analysis program. You should probably get to know that inside and out. Snort was developed by Sourcefire - which was later acquired by Cisco. You will see Snort rules used in the IDS section, so you might want to know their structure and be familiar with them.
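Since the IDS section expects you to recognize the structure of a Snort rule, here is an added example (not from the original post or from the Snort project) that parses a constructed rule in classic Snort 2 syntax into its seven header fields and its option list. The sample rule, its message text and its sid are made up for the example.

```python
import re

# Constructed sample rule in classic Snort 2 syntax (not taken from the page).
SAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
    '(msg:"WEB-MISC cmd.exe access"; flow:to_server,established; '
    'content:"cmd.exe"; nocase; classtype:web-application-attack; '
    'sid:1000001; rev:2;)'
)

# Rule header: action protocol src_ip src_port direction dst_ip dst_port (options)
HEADER_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)

# One option body: a run of non-';' text, with ';' allowed inside double quotes.
OPTION_RE = re.compile(r'(?:[^;"]|"(?:[^"\\]|\\.)*")+')

def parse_snort_rule(rule: str) -> dict:
    """Split a Snort rule into its seven header fields plus an ordered option list."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError("not a Snort rule: header does not match")
    parsed = {k: m.group(k) for k in
              ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    options = []
    for opt in OPTION_RE.findall(m.group("opts")):
        opt = opt.strip()
        if not opt:
            continue
        key, _, value = opt.partition(":")   # modifiers like 'nocase' have no value
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]              # drop the quotes around msg/content
        options.append((key.strip(), value or None))
    parsed["options"] = options
    return parsed

def rule_sid(parsed: dict) -> int:
    """Return the rule's sid, the identifier that shows up in alerts and rule updates."""
    return int(dict(parsed["options"])["sid"])
```

Seeing the header split out this way (action, protocol, source and port, direction, destination and port) is exactly what the exam wants you to be able to read off a rule at a glance.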

Cain and Abel is a Windows-only password "recovery" tool. Netcat is the Swiss-Army knife of pentesting and hacking tools. Tcpdump is basically a packet capture/network sniffer. You may want to use tcpdump, Wireshark and Snort and note the differences. Capture the same traffic using each and look at the difference in output. Each tool has its own purpose and although they have similarities - the differences are remarkable.

John the Ripper is password cracking software. You may want to compare this to other password cracking software on Kali to get a feel for its abilities and limitations. Kismet is a wireless packet sniffer. It is used for passive wireless sniffing. Compare this to NetStumbler - which is much more aggressive.

If you are at the point where you're studying for the CCIE Security Written, you should know OpenSSH, PuTTY and SSH.

Burp Suite is a platform of tools used to test/attack web applications. Nikto is a web scanner. Hping is a packet generator (and is now part of nmap). "The new version of hping, hping3, is scriptable using the Tcl language." It assembles and sends custom ICMP, UDP or TCP packets and then displays the replies.

Ettercap is used for MitM attacks. It also performs network sniffing and ARP poisoning of target hosts. "Ettercap uses the IP ID header value 0xe77e (short for 'ette'rcap) when looking for other ettercappers on the network." [I learned this from Laura Chappell's books and videos. Look for her stuff if you want to learn/master Wireshark.]
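That IP ID value is a handy thing to look for from the defender's side: in Wireshark the display filter `ip.id == 0xe77e` shows the probes, and the added example below (my own illustration, not code from the post or from Ettercap) does the same check on raw IPv4 headers. The packets and addresses are constructed for the example.

```python
import struct

ETTERCAP_IP_ID = 0xE77E   # the IP Identification value quoted above

def build_ipv4_header(ip_id: int, src: str, dst: str, proto: int = 1) -> bytes:
    """Construct a minimal 20-byte IPv4 header (no options, checksum left 0) for test data."""
    def ip2bytes(addr: str) -> bytes:
        return bytes(int(octet) for octet in addr.split("."))
    # version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol, checksum, src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ip_id, 0, 64, proto, 0,
                       ip2bytes(src), ip2bytes(dst))

def ip_identification(packet: bytes) -> int:
    """Return the Identification field of an IPv4 packet; reject anything else."""
    if len(packet) < 20 or (packet[0] >> 4) != 4 or (packet[0] & 0x0F) < 5:
        raise ValueError("not a well-formed IPv4 header")
    return struct.unpack("!H", packet[4:6])[0]

def flag_ettercap_probes(packets) -> list:
    """Return (index, src, dst) for each packet whose IP ID is the Ettercap marker."""
    hits = []
    for i, pkt in enumerate(packets):
        try:
            if ip_identification(pkt) != ETTERCAP_IP_ID:
                continue
        except ValueError:
            continue            # non-IPv4 frames are simply skipped
        src = ".".join(str(b) for b in pkt[12:16])
        dst = ".".join(str(b) for b in pkt[16:20])
        hits.append((i, src, dst))
    return hits

# Constructed sample traffic: ordinary packets plus one Ettercap-style probe.
SAMPLE_PACKETS = [
    build_ipv4_header(0x1A2B, "10.0.0.5", "10.0.0.1"),
    build_ipv4_header(ETTERCAP_IP_ID, "10.0.0.9", "10.0.0.1"),
    build_ipv4_header(0x0042, "10.0.0.7", "10.0.0.1"),
    b"\x60" + b"\x00" * 39,   # IPv6-looking frame: ignored by the checker
]

if __name__ == "__main__":
    for idx, src, dst in flag_ettercap_probes(SAMPLE_PACKETS):
        print(f"packet {idx}: Ettercap IP ID 0xe77e from {src} to {dst}")
```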

So now that all of these have been listed, let me repeat this suggestion: play with Kali. The best way to know these tools and remember what they do is to actually experience working with them. And Kali has all these tools in one convenient location. Granted, you don't need to get to pentester level with these, but if you have some experience with them, this part will be easy.

