< Prev 1 2 3 4 5 6 7 8 9 10 11 Next >
Category: Network Monitoring
Astral was designed to capture local network packet activity, translate the packets to readable form, and log the data. Astral can capture data using either Dialup, Ethernet, or a Wireless adapter. Astral runs on Windows NT, XP, and 2000, maybe more. Astral comes with an additional application, titled sort.exe. Sort can be used to parse one's astral log file using a set of built-in terms or any custom term which aid to integration and the exclusion of irrelevant data. Build your own custom integration scripts, make Astral look, feel, and work the way you want! Examples included!
Firewall Test Agent
This simple tool can be used to test and log the rules on a firewall. The Firewall Test Agent is able to open up any number of TCP and UDP ports on a windows machine and log any connection attempts. A port scanner or other such tool can then be used to scan through the firewall to find which ports have been allowed through in the firewall rule base. This tool is useful when you don't have access to the firewall rules. This tool could also be used as a port scan monitor if you are interested in the number of scans your networks are receiving. WARNING: Some machines will NOT be able to open thousands of ports. With older, slower and heavily utilized machines you should only open a few thousand ports at a time. I do not recommend any more than 10,000 ports at any one time although 65,535 if theoretically possible.
PBNJ is a network tool that can be used to give an overview of a machine or multiple machines which includes the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs to a CSV format file for each ip address scanned.
1. Overview SwitchSniffer is a program that can scan your switched LAN for up hosts and can reroute and collect all packets without the target users' recognition. It can also detect the arpspoofer program running on the network and block user definable sessions like firewall. If you use this program in tandem with any sniffer program, you can capture and see the users IDs and passwords on a switched network. >>> What's new: -. MAC Based Blocking. -. Converting the ip address into the country name. -. Export the view data into an excel file -. Coloring each row items. Employing the speed bars. Finding out the collision of ip addresses. >>> Features: -. SwitchSniffer can poll and collect all the packets on the switched LAN. -. SwitchSniffer can scan and display the active hosts on the LAN quickly, and automatically. -. While spoofing ARP tables, SwitchSniffer can act as another gateway (or ip-forwarder) without other users' recognition on the LAN.' -. It can collect and forward packets by selecting inbound, outbound, and both to be sent to the Internet. -. An ARP table is recovered automatically in about 30 seconds. But, SwitchSniffer can keep spoofing continuously by updating the target computers ARP table more frequently. -. If one or more network interface cards are installed on a computer, you can choose which NIC you would like SwitchSniffer to scan and spoof through. -. SwitchSniffer can display information about the amount of data transferred to and from the internet. -. SwitchSniffer can detect if any computer on the LAN is running an arpspoofer program. -. SwitchSniffer can filter: sessions, local hosts, and remote hosts. The installation of the winpcap driver is not necessary for SwitchSniffer. -. SwitchSniffer can manage the local hosts based on MAC Address. -. SwitchSniffer can act as a plug-and-played router. -. SwitchSniffer can export the data of view into an excel file. >>> Benefits: -. SwitchSniffer can find hidden hosts on the LAN. -. SwitchSniffer can find if abnormal hosts are connected to your wireless network. -. SwitchSniffer protects your network from abnormal users. -. SwitchSniffer can check if there are abnormal packets on the LAN. -. SwitchSniffer allows you to capture user IDs, passwords, chat sessions and web sessions etc., on the switched network through the use of a sniffer application. -. SwitchSniffer can block the local hosts based on MAC Address. -. SwitchSniffer can resolve the problem of IP Collision. -. SwitchSniffer can find out the contry name by ip address on remote. -. SwitchSniffer enables you to monitor all the packets on a switch network.
Trojan scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures. These signatures then are matched against the allowed process defined in the configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output.
1. Overview SwitchSniffer is a program that can scan your switched LAN for up hosts and can reroute and collect all packets without the target users' recognition. It can also detect the arpspoofer program running on the network and block user definable sessions like firewall. If you use this program in tandem with any sniffer program, you can capture and see the users IDs and passwords on a switched network. 1.1 features: -. It can pull and collect all the packets on the LAN. -. It can scan and show the active hosts on the LAN within a very short time. -. While spoofing ARP tables, it can act as another gateway (or ip-forwarder) without other users' recognition on the LAN. -. It can collect and forward packets by selecting inbound, outbound, and both to be sent to the Internet. -. An ARP table is recovered automatically in a little time (about 30 seconds). But, this program can keep spoofing continuously with a periodic time. -. Although one or more network interface cards are installed on a computer, this program can scan and spoof by selecting one of NICs. -. It can get traffic information about the amount of data transferred to and from the internet including I session information. -. It can detect which computer is running an arpspoofer program on the local network. -. It can scan all hosts automatically on the network. -. It has a feature which filters or blocks sessions, local hosts and remote hosts. -. No more installation of winpcap driver. 1.2 Benefits: -. It can find out the hidden hosts on local area network. -. It can check out if abnormal hosts are connected on the wireless network. -. It protect your network from abnormal users. -. It can check out if there are abnormal packets on the local network. -. It can view users/passwords, chat sessions and web sessions etc., on the switch network by other application. 2. System Requirement 2.1 Local : Windows nt4/2000/xp/2003, 25MB free main memory, Network adapter which supports promiscuous mode. Remote : All computers including network devices must support Ethernet 3. Reference http://www.nextsecurity.net/
e-Surveiller is a powerful user-activity monitoring, logging and real-time surveillance software package. With it, you can monitor the activities of several computer users on standalone computers, on a local area network and on remote computers across the Internet. You view the screens of monitored users on a LAN or across the Internet in real-time! and it empowers you to save screen snapshots at any time. It stealthily records all keystrokes, Web site visits, all AOL, AIM, ICQ, MSN and Yahoo chat conversations, all windows, applications, file changes etc. User-activity logs are periodically transferred, uploaded or emailed to you for analysis + more! Other features include password-protection, peer-to-peer network support, remote monitoring updates and a comprehensive user-activity log viewer.
pmacct is a small set of passive network monitoring tools to measure, account and aggregate IPv4 and IPv6 traffic; aggregation revolves around the key concept of primitives (VLAN id, source and destination MAC addresses, hosts, networks, ports, AS numbers, IP protocol and ToS/DSCP field are supported) which may be arbitrarily combined to build custom aggregation methods; support for historical data breakdown, triggers and packet tagging, filtering, sampling. Aggregates can be stored into memory tables, SQL databases (MySQL or PostgreSQL) or simply pushed to stdout. Data is collected from the network either using libpcap (and optionally promiscuous mode) or reading Netflow v1/v5/v7/v8/v9 and sFlow v2/v4/v5 datagrams.
e-Surveiller is a powerful user-activity monitoring, logging and surveillance suite. With it, you can record all keystrokes, Web site visits, windows, AOL, AIM, ICQ, MSN and Yahoo chats, etc. of computer users on standalone computers, on a local area network and on remote computers across the Internet. You view the screens of monitored users on a LAN or across the Internet in real-time! User-activity logs are also periodically uploaded or emailed to you for analysis + MORE!
Prelude Hybrid IDS Framework
Prelude is a Hybrid IDS framework, that is, a product enabling all security applications, be it open-source or proprietary, to report to a centralized system. In order to achieve this task, Prelude relies on the IDMEF (Intrusion Detection Message Exchange Format) IETF standard, that enables different kinds of sensors to generate events using a unique language.
Browse by category