Junkie is a real-time packet sniffer and analyzer. It is modular enough to accomplish many different tasks. It can be a helpful companion to the modern network administrator and analyst. Compared to previously available tools, Junkie lies in between tcpdump and wireshark. Unlike tcpdump, its purpose is to parse protocols of any depth; unlike wireshark, though, it is designed to analyze traffic in real time and so cannot parse traffic as exhaustively as wireshark does. In addition, its design emphasizes extensibility and speed. It has a plug-in system and a high-level extension language that ease the development and combination of new functionalities; threaded packet capture and analysis for handling high-bandwidth networks; and a modular architecture to ease the addition of any protocol layer. It is based on libpcap for portability, and is well tested in professional settings.
The Assimilation Monitoring Project is a highly scalable discovery-driven monitoring system. It integrates continuous discovery of servers, services, service dependencies, switch connections, and lots of other things into the monitoring process. The discovery is "stealthy" and will never set off any network security alarms. Adding servers doesn't measurably increase monitoring load, and the system is expected to easily scale into the 100K server range. The discovery work is distributed among all the nanoprobes (agents), which run scripts that spit out JSON. The central system (CMA) stores these strings and runs optional plugins to create graph nodes.
etherpoke is a scriptable network session monitor. It defines two events, SESSION_BEGIN and SESSION_END, to which a hook (system command) can be assigned. The event hook can be any program installed in the system. SESSION_BEGIN is triggered when the first packet with an Ethernet source address matching the filter is captured. SESSION_END is triggered when the time since the last captured packet with an Ethernet source address matching the filter exceeds the session timeout.