Junkie is a real-time packet sniffer and analyzer. It is modular enough to accomplish many different tasks. It can be a helpful companion to the modern network administrator and analyst. Compared to previously available tools, junkie lies in between tcpdump and wireshark. Unlike tcpdump, its purpose is to parse protocols of any depth; unlike wireshark, though, it is designed to analyze traffic in real-time and so cannot parse traffic as exhaustively as wireshark does. In addition, its design encompasses extendability and speed. It has a plug-in system and high-level extension language that eases the development and combination of new functionalities; threaded packet capture and analysis for handling of high bandwidth networks; and a modular architecture to ease the addition of any protocol layer. It is based on libpcap for portability, and well-tested on professional settings.
SysopView shows information in a visually attractive way, like computers in movies do. The idea is that it can show information relevant to system administrators non-comprehensible for non-technical personnel, while still looking attractive even if you don't know what is shown. The current version can show nagios status data, webcam streams (mjpeg, jpeg, and video4Linux), and VNC, has a built-in terminal emulator in which regular text applications can be run, can sniff the network (including remotely) and dissect streams and show pictures which are sniffed, can show external bitmaps (from, for example, mrtg and rrdtool), and can scroll text (currently showing output of rssfeeds).
netsniff-ng is a high performance Linux network sniffer for packet inspection. It is similar to analyzers like tcpdump, but without the need to perform system calls for fetching network packets. A memory-mapped area within kernelspace will be used for accessing packets, so there is no requirement for copying them to userspace (a 'zero-copy' mechanism). For this purpose, netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying, and performing offline analysis of pcap dumps. The project is focused on building a robust, clean, and secure analyzer and utilities that complete netsniff-ng as a support for penetration testing. netsniff-ng can be used for protocol analysis, reverse engineering, and network debugging.
ipredirectd has functionality similar to netcat but with some extra features. Multiple clients and full logging of network traffic are supported. It can also manipulate incoming and outgoing text traffic. Manipulation is based on pattern files that support regular expressions. This feature is probably most useful with HTTP. The software is smart enough not to apply regular expressions on non-HTML data by reading the content-type header. One possible usage is redistribution of pre-authenticated Web pages in foreign domains by replicating authentication and session cookies.
SerLooK is a KDE application for inspecting data going over serial lines. It can work as a binary terminal that sends and receives data through a defined port (Point to Point mode) and displays them on separate views. Each view can be configured to display data in hexadecimal, decimal, octal, binary, and raw ASCII. It is also possible to perform I/O through terminal emulation views and define a secondary port and monitor the traffic between two external hosts using a "Y" cable (Snooper mode).