MIB Smithy is an application for SNMP and COPS developers, MIB and PIB designers, and Internet-draft authors. It provides a GUI-based environment for designing, editing, and compiling MIB and PIB modules according to the SMIv1, SMIv2, and COPS-PR-SPPI standards. It accelerates the development process by providing an easy-to-use GUI-based environment for developing the specifications without the syntax and formatting concerns of editing the modules by hand. It includes a number of built-in basic SNMP management tools, XML support, and (with MIB Smithy Professional) support for custom compiler output formats.
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
L7-filter is a packet classifier for Netfilter that identifies packets based on application layer (OSI layer 7) data. This means that it is able to classify packets as HTTP, FTP, Gnucleus, Kazaa, etc., regardless of ports. It complements existing matches that classify based on port numbers, packet length, TOS bits, and so on. Combined with Linux QoS, it allows for full layer 7 packet shaping.
ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.
C++ Sockets is a cross-platform C++ wrapper for BSD-style sockets. It implements the TCP, UDP, ICMP, and SCTP transport layer protocols. Implemented application layer protocols are HTTP/HTTPS (using OpenSSL), SMTP (server), and Ajp/1.3 (server). Features include transparent SOCKS4 client support and asynchronous DNS. Included in the library are a number of HTTP client functions such as GET/PUT/POST, and also Web server framework components.
fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.
Linux Bandwidth Arbitrator allows beginning-to-advanced network administrators to control bandwidth. It is designed to be completely turn-key in its default configuration. You just plug it into your network trunk, and it self configures and immediately starts slowing "bandwidth hogs". It can be configured to target specific applications such as Kazaa, IMAP, and POP. It is compatible with the 2.4.25 kernel, ebtables, and brouter (bridging router). It also comes with denial of service protection.
Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. It will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic (device drivers permitting). It identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of non-beaconing networks via data traffic.