Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.
NOC Project is an Operation Support System (OSS) for telecom companies, service providers, and enterprise Network Operation Centers (NOC). Areas covered by NOC include fault management, performance management, service activation/provisioning, knowledge base, multi-VRF address space management (IPAM), multi-vendor configuration management, DNS provisioning, peering management, RPSL and BGP filter generation, and reporting.
ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring, and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
Netdisco is a Web-based network management tool. Users can locate the switch port of an end-user system by IP or MAC address. Data is stored using a SQL database. Cisco Discovery Protocol (CDP) optionally provides automatic discovery of the network topology. The network is inventoried by both device model and operating system (like IOS). It uses router ARP tables and L2 switch MAC forwarding tables to locate nodes on physical ports and track them by their IP addresses. For each node, a time-stamped history of the ports it has visited and the IP addresses it has used is maintained. It gets all its data, including CDP topology information, with SNMP polls and DNS queries. Security features include a wire-side Wireless Access Point (AP) locator.
nefu (network fidelity utility) is a Unix daemon that monitors services over the network. It uses a "no false alarms" fault verification algorithm, and understands network dependencies. Natively-monitored protocols include ICMP echo (ping), SSH, IPP, DNS, HTTP, POP, NTP, IMAP, SMTP, and LDAP, as well as having facilities to execute external programs. Status pages are available via finger or the Web.
softflowd is a software flow-based network monitor. It tracks network traffic flows, reports aggregate statistics, and optionally exports Cisco Netflow compatible datagrams (to unicast hosts or multicast groups). It can listen on a promiscuous network interface or read stored pcap capture files, and includes a sophisticated control interface.