Pkviz is a tool for plotting and cycling through and animating a series of network packets captured by tcpdump. What makes it unique is that the packets’ structure is visualized, not any labels and not time itself. Pkviz takes each byte in a packet and plots it out end-to-end, left-to-right, from the first byte to the last. How high the dot gets plotted depends on the value of the byte: bytes with a value of 0 are at the bottom and those which are 255 (0xff) – the maximum value of a byte – get plotted at the top. This might not be interesting for one packet, but that changes when you start looking at thousands of packets. Pkviz can cycle through thousands of packets in the set so you can see what happened on the wire.
PRADS is a "Passive Real-time Asset Detection System". It passively listens to network traffic and gathers information on hosts and services it sees. This information can be used to map your network, letting you know what services and hosts are alive and used. It can also be used together with your favorite IDS/IPS setup for "event to host/service" correlation. It can help you make sure that your inventory database is up to date. PRADS commes in two versions. One written in Perl, and one written in C. Some features might only be found in one of the versions.
VPPPN stands for virtual peer-to-peer private networking. The project provides a VPN client using a custom protocol to be able to set up a point-to-point dynamic virtual network. This differs from OpenVPN in that it does not need a central server to pass the network's traffic. A central server exists to allocate IP addresses and provide a point of contact for the clients, but once connections are established, these services are no longer needed. This means that a VPPN network is free (as in beer), since to set up a network you do not need to invest in an always-on Internet server. Once established, a VPPPN network behaves in a similar way to a normal IP network. To the end user, this means you can set up an office network and drag and drop files between computers in a secure manner over the Internet.
log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the Web server log file and watches for inactivity from the user's IP. After an amount of time, another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command line program that can be run in the background.
Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).
Altimate Firewall is a small and easy-to-use firewall, based on a hardened Gentoo system. It has an intuitive and easy-to-use Web interface. The Altimate Firewall uses Shorewall (LAN, WAN, DMZ), OpenVPN, PPTPD, IPSEC, and many more. It includes Avira WebGate and MailGate for safer browsing and for securing your email messages. The network settings can be easily managed by a non-professional.