MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). Merging of 2 or more log files is possible. It can also use colors while displaying the log files (through regular expressions) for faster recognition of what is important. It can also filter lines (again with regular expressions). It has interactive menus for editing given regular expressions and deleting and adding windows. One can also have windows with the output of shell scripts and other software. When viewing the output of external software, MultiTail can mimic the functionality of tools like 'watch'.
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.
ns4 is a command line configuration management tool that runs on a Unix or Windows based operating system. It allows the automated backup of node (i.e. routers and switches) configurations to an FTP/SFTP server or local media on a daily basis to create configuration archives. It can run ad-hoc commands on multiple nodes as well as custom scripts for automating complex tasks. It uses Perl and allows you to manipulate the output of commands using regular expressions within scripts. Configuration based cartridges are used to specify new node types, allowing the user to extend its functionality in a simple and dynamic way.
bandwidthd tracks usage of TCP/IP network subnets and builds HTML files with graphs to display network utilization. Charts are built by individual IP to show their utilization over 2, 8, 45, and 400 day periods. It color codes HTTP, HTTPS, TCP,UDP, ICMP, VPN, and P2P traffic. Unlike MRTG, it tracks each individual IP address and subnets, not the status of any particular link. Static mode is fast and easy to set up and has few dependencies. Database mode supports filtering by subnet, multiple sensors, custom reports and intervals, and can process thousands of IPs efficiently. Network utilization can be logged in CDF or a backend database.
esniff (formerly dbsniff) is a very basic set of tools useful for network traffic analysis and scripting across machines. It consists of three tools: esniff, nwait/npush, and loss_chk/loss_srv. esniff is a packet sniffer based on pcap that does certain things like traffic summaries (not better but hopefully easier than tcpdump). nwait and npush implement the DOS "pause" command working over the network. loss_chk and loss_srv are for checking the loss rate of a line.
mwcollect is an easy solution to collect worm-like malware in a non-native environment like FreeBSD or Linux. The first versions were used to collect binaries for botnet monitoring, and bots are still what it is mostly collecting. Some people consider it a next generation honeypot; however, that comparison often leads to the misunderstanding that computers running mwcollect can actually be infected with the malware, which is not the case.
Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available, so it can measure the effectiveness and minimum requirements of each one. Currently, weplab supports several methods, and it is able to crack the WEP key from 600,000 encrypted packets.