- CPM, from Carnegie Mellon University, checks for network interfaces in promiscuous mode.
- SATAN - a web-based, extensible network and system probe that checks for common problems.
- SAINT (Security Administrator's Integrated Network Tool) - a web front-end tool that gathers information about remote hosts and networks using network services such as finger, NFS, NIS, ftp and tftp, rexd, statd, and other services.
- Argus is a generic IP network transaction auditing tool which runs as an application-level daemon, promiscuously reading network datagrams from a specified interface, and generates network traffic status records for the network activity that it encounters.
- Courtney monitors the network and identifies the source machines of SATAN probes/attacks. Courtney receives input from tcpdump, counting the number of new services a machine originates within a certain time window. If one machine connects to numerous services within that time window, Courtney identifies that machine as a potential SATAN host.
- Gabriel is another SATAN detector, written entirely in C and only available for Solaris.
- scan-detector is a tool to monitor for port scans of a Unix system.
- CyberCop Scanner, by PGP Security, is a commercial application that provides network scanning backed by a database of attack methods.
- netlog and netwatcher are parts of a TCP and UDP scanner, complementing the Drawbridge package from TAMU.
- Netman, a collection of tools including etherman, interman, packetman, loadman, geotraceman, and analyser, provides realtime network communication monitoring and retrospective packet analysis.
- NID is a suite of software tools that helps detect, analyze, and gather evidence of intrusive behavior occurring on an Ethernet or Fiber Distributed Data Interface (FDDI) network using the Internet Protocol (IP).
- NOCOL is a network monitoring package that runs on Unix platforms and is capable of monitoring network and system variables such as ICMP or RPC reachability, RMON variables, nameservers, Ethernet load, port reachability, host performance, SNMP traps, modem line usage, AppleTalk and Novell routes/services, BGP peers, syslog files, etc. The software is extensible and new monitors can be added easily.
- arpmon does a popen() to tcpdump and collects data, while ipreport writes a formatted report of the addrs files to stdout. Perl 4p19 or greater required.
- arpwatch - Ethernet monitor program for keeping track of Ethernet/IP address pairings.
- tcpdump - protocol packet capture and dumper program.
- traceroute - prints the route packets take to a network host.
- pathchar - infers the characteristics of Internet paths.
- libpcap - packet capture library.
- clog is a program that logs all connections on your subnet. It uses the pcap(3) packet capture library to log any SYN packets to a logfile. The output format is designed to be very easily parsed by various text processing tools.
- strobe is a security/network tool that locates and describes all listening TCP ports on a (remote) host or on many hosts in a manner that maximizes bandwidth utilization and minimizes process resource usage.
- nmap - comprehensive port scanner.
- QueSO - another port scanner, which also tries to identify the scanned system.
- Network Flight Recorder (NFR) promiscuously monitors your network and provides a framework for analyzing, reporting, and modeling the traffic that it sees.
- The CIDER (Cooperative Intrusion Detection Evaluation and Response) Project is an effort of NSWC Dahlgren, NFR, NSA, the SANS community and other interested parties to locate, document, and improve security software. They cover topics such as coordinated attacks and probes and a step-by-step intrusion detection example using NFR.
- ISS puts out Internet Scanner, System Scanner, RealSecure, and several other security-related products.
- tocsin logs port scan connections on a per-network basis. Tocsin is specifically designed to catch TCP SYN probe attempts.
- netcat is a simple Unix utility which reads and writes data across network connections, using the TCP or UDP protocol. It's designed to be a backend tool, but is also a network debugging and exploration tool.