IM Analysis

EffeTech
Commercial
OS: Win9x/ME/NT4/2000/XP

EffeTech develops a series of Internet security software. The purpose of this analysis software is to monitor Internet abuse and to unveil information inside packets, such as HTTP URLs, instant messages of MSN Messenger, AIM and ICQ, and passwords for HTTP, FTP, SMTP, POP3 and telnet.


EtherBoss
Commercial
OS: Win

EtherBoss MSN Messenger Conversation Monitor & Sniffer is a handy network utility to capture and log MSN Messenger chat on a network. All intercepted messages are saved to disk automatically. It also provides a rich-featured reporting and search system to locate and export captured MSN conversations as HTML files for later analysis and reference.


HTTP Analysis

HTTP Watch
Commercial
OS: Win

HttpWatch is an HTTP viewer and debugger that integrates with Internet Explorer to provide seamless HTTP and HTTPS monitoring without leaving the browser window.


Web Scarab
Open Source
OS: Win, Linux, UNIX, Mac

In its simplest form, WebScarab records the conversations (requests and responses) that it observes and allows the operator to review them in various ways. WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.


iWatchHTTP
Purchase
OS: Win, Linux, UNIX

iWatch lets you see every HTTP transaction with its parameters and performance tokens in real time. Its ability to capture and display every HTTP call along with all its parameters and relevant performance tokens (such as the transactions, server processing time and average network round trip) lets HTTP application developers and administrators address the exact performance problems.


Web Reporting

iWatchWeb Reporting
Commercial
OS: Win, Linux, UNIX

iWatch Web Reporting analyzes user behavior by applying traditional marketing approaches to data usage. User decisions can be related to content and to the delivery of that content, for example how long the user had to wait to receive the data.


iWatch IQ
Purchase
OS: Win, Linux, UNIX

Mapping HREFs to business-centric views: the problem boils down to the simple question mark. In technical parlance, the question mark in a URL signals the separation between an actual page or program on the left and a set of parameters that the program needs to know about on the right. This may seem both trivial and technical, and in a sense it is, except that this innocent-looking question mark can prevent traffic analysis software from producing a report that makes any sense.


Packet Analysis

ClearSight
Commercial
OS: Win

ClearSight Analyzer is an advanced network monitoring and troubleshooting tool that shows you all the activity on your network via a simple and intuitive user interface. The latest CSA 6.0 release offers IPTV support and a complete Triple-Play analyzer solution. It adds new MSN application support and updates existing application support with feature enhancements, including VoIP, codecs, reports, filters, multicast, etc. The user interface and toolbar are also improved.


EtherPeek
Commercial
OS: Win

  • EtherPeek VX (VoIP analysis)
  • EtherPeek NX (Network analysis)
  • EtherPeek SE (Standard edition)

EtherPeek VX offers both Ethernet and VoIP diagnostics in real time. EtherPeek VX provides real-time expert analysis, Application Response Time (ART) analysis, full 7-layer decodes, alarms, triggers, comprehensive graphs and reports and more. EtherPeek VX offers per-call analysis and supports multiple signaling protocols. The media plane analysis looks at packet-level details of RTP and RTCP streams, evaluates packet delay variation, packet loss and jitter, and provides MOS scores as well as R-Factor values for each call.

EtherPeek NX offers a breadth of unique features and technological innovation, including real-time expert analysis on multiple adapters, Application Response Time (ART) analysis, extensive application protocol decoding, packet generation, alarms, triggers, notifications, monitoring and reporting.

EtherPeek SE Ethernet protocol analyzer is an intuitive, powerful network and protocol analyzer for troubleshooting Ethernet networks. It provides the decoding, filtering and diagnostics of a high-end analyzer.


Sniff-em
Commercial
OS: Win

Sniff-em decodes a wide range of low-level protocols as well as high-level protocols running over IP. Real-time Ethernet fingerprinting is supported as well, with over 4,700 fingerprints in the database.

All protocols can be easily added or changed by using a graphical interface inside the settings dialog. Besides decoding an entire range of protocols, Sniff-em does advanced decoding of Netbios and DNS packets.


CommView/RA
Commercial
OS: Win 32/64 Bit

CommView is a powerful network monitor and analyzer designed for LAN administrators, security professionals, network programmers and home users, virtually anyone who wants a full picture of the traffic flowing through a PC or LAN segment. Loaded with many user-friendly features, CommView combines performance and flexibility with ease of use.


Tcpdump/Windump
Open Source
OS: Win, Linux, UNIX, Mac

This application is used for general packet capture and analysis and is the predecessor to Wireshark. It is installed as stand-alone software for raw capture. Once traffic is captured you can then perform analysis on the traffic in a historical manner. The data is presented in a very raw format.


WinPcap 4.0
Open Source
OS: Win

This is an industry-standard tool for link-layer network access in Windows environments. It allows applications to capture and transmit network packets bypassing the protocol stack and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.


Wireshark
Open Source
OS: Win, Linux, UNIX, Mac

This is one of the more popular packet analysis tools on the market. It is a free application that allows you to view IP packets on many different levels. It has filtering capabilities to see just the data you want, as well as other interfaces built for it that resemble tcpdump, such as tethereal.


Ethereal
Open Source
OS: Win, Linux, UNIX

Ethereal is for troubleshooting, analysis, software and protocol development and education. It has all of the standard features you would expect in a protocol analyzer, plus several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements.


EtherDetect
Commercial
OS: Win

EtherDetect Packet Sniffer and network protocol analyzer provides a connection-oriented view for analyzing packets more effectively. All you need to do is set up the filter, start capturing, and view connections, packets and data on the fly.


Ettercap
Open Source
OS: Win, Linux, UNIX, Mac

This is a terminal-based network sniffer/interceptor/logger for Ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection into an established connection and filtering on the fly are also possible, keeping the connection synchronized. There are many sniffing modes to give a powerful and complete sniffing suite. Plugins are also supported. It has the ability to check whether you are in a switched LAN or not and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.


Dsniff
Open Source
OS: Win, Linux, UNIX, Mac

This toolset meets your password sniffing needs. Dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available.


Ntop
Open Source
OS: Win, Linux, UNIX, Mac

Ntop shows network usage. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications and RRD for persistently storing traffic statistics.


Ngrep
Open Source
OS: Win, Linux, UNIX, Mac

Ngrep is a PCAP-aware tool that allows you to specify extended regular or hexadecimal expressions to match against the data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.


EtherApe
Open Source
OS: Linux, UNIX, Mac

EtherApe is a graphical network monitor for UNIX modeled after Etherman. Featuring link layer, IP and TCP modes, EtherApe displays network activity graphically with a color-coded protocols display. Hosts and links change in size with traffic. It supports Ethernet, FDDI, TokenRing, ISDN, PPP and SLIP devices. It can filter traffic to be shown and can read traffic from a file as well as live from the network.


Intrusion Detection Systems (IDS)

Snort
Open Source/Commercial
OS: Win, Linux, UNIX, Mac

This network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.


OSSEC HIDS
Open Source
OS: Win, Linux, UNIX, Mac

An open source Host-based Intrusion Detection System, OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs.


Arpwatch
Open Source
OS: Linux, UNIX, Mac

Arpwatch is the classic ARP man-in-the-middle attack detector from LBNL's Network Research Group. It syslogs activity and reports certain changes via email. Arpwatch uses LibPcap to listen for ARP packets on a local Ethernet interface.


Kismet
Open Source
OS: Win, Linux

Kismet is an 802.11 layer-2 wireless network detector, sniffer and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode and can sniff 802.11b, 802.11a and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and, given time, decloaking) hidden networks and inferring the presence of non-beaconing networks via data traffic.


Honeyd
Open Source
OS: Win, Linux, UNIX, Mac

Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services and their personality can be adapted so that they appear to be running certain operating systems. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.


ACID
Open Source
OS: Linux

The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSs, firewalls and network monitoring tools.


SecureNet
Commercial
OS: Hardware-based solution

The Intrusion SecureNet System provides critical deep-packet analysis and application awareness and can be deployed passively for intrusion detection (IDS) or actively for intrusion prevention (IPS).


Password/Encryption Crackers

Cain and Abel
Open Source
OS: Win

This is a password recovery tool that handles an enormous variety of tasks. It can recover passwords by sniffing the network, crack encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, record VoIP conversations, decode scrambled passwords, reveal password boxes, uncover cached passwords and analyze routing protocols.


John the Ripper
Open Source
OS: Win, Linux, UNIX, Mac

John the Ripper is a fast password cracker, currently available for many flavors of UNIX (11 are officially supported, not counting different architectures), DOS, Win32, BeOS and OpenVMS. Its primary purpose is to detect weak UNIX passwords. It supports several crypt(3) password hash types that are most commonly found on various UNIX flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.


OS Detection

P0f
Open Source
OS: Win, Linux, UNIX, Mac

P0f is able to identify the operating system of a target host simply by examining captured packets, even when the device in question is behind an overzealous packet firewall. P0f does not generate any additional network traffic, direct or indirect: no name lookups, no mysterious probes, no ARIN queries, nothing. In the hands of advanced users, P0f can detect firewall presence, NAT use, the existence of load balancers and more.


Network/Application QoS

iWatchSQL
Commercial
OS: Win, Linux, UNIX
Database: SQL, Oracle, DB2, Sybase

iWatch lets you see every SQL transaction with its parameters and performance tokens in real time. Its ability to capture and display every SQL call along with all its parameters and relevant performance tokens (such as the transactions, server processing time and average network round trip) lets SQL application developers and administrators address the exact performance problems.


NetStumbler
Open Source
OS: Windows 98 and above

NetStumbler (also known as Network Stumbler) is a tool for Windows that facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft Windows 98 and above. NetStumbler is commonly used for:

  • Wardriving
  • Verifying network configurations
  • Finding locations with poor coverage in one's WLAN
  • Detecting causes of wireless interference
  • Detecting unauthorized ("rogue") access points
  • Aiming directional antennas for long-haul WLAN links

Argus
Open Source
OS: Linux

Argus is a system and network monitoring application that will monitor nearly anything you ask it to monitor (TCP and UDP applications, IP connectivity, SNMP OIDs, programs, databases, etc.). It presents a clean, easy-to-view web interface that will keep both the managers and the techs happy. It can send alerts in numerous ways (such as via pager) and can automatically escalate if someone falls asleep.


Flow-tools
Open Source
OS: Linux

Flow-tools is a library and a collection of programs used to collect, send, process and generate reports from NetFlow data. The tools can be used together on a single server or distributed to multiple servers for large deployments. The Flow-tools library provides an API for the development of custom applications for NetFlow export versions 1, 5 and 6 and the 14 currently defined version 8 subversions. Perl and Python interfaces have been contributed and are included in the distribution.


Flow-extract by Flow Scripts
Open Source
OS: Linux

Flow-extract is used for selecting flows from a binary log file created by Flow-tools. The program uses the same syntax as the Netlogger extract program to select flows.


FLAG (Forensic and Log Analysis GUI)
Open Source
OS: Linux

FLAG was designed to simplify the process of log file analysis and forensic investigations. FLAG facilitates efficient analysis of large quantities of data within an interactive environment. PyFlag is the reimplementation of FLAG in Python.


Other Application Resources
