IDABench is a Web interface to many intrusion analysis tools. By the use of simple plug-ins, it allows an analyst to twist and turn hourly packet logs through such utilities as tcpdump, ngrep, tethereal, etc. Output is textual web pages, gnuplot graphs, and downloadable composite binary dumpfiles. Based on the US Navy's SHADOW intrusion detection system, IDABench simplifies the writing of tcpdump filters, allows regular- expression context matching, and through a simple plugin API, can be extended to include other libpcap- based analysis tools, such as Snort, p0f, etc.
Tiny Honeypot (thp) is a simple honey pot program based on iptables redirects and an xinetd listener. It listens on every TCP port not currently in use, logging all activity and providing some feedback to the attacker. The responders are entirely written in Perl, and provide just enough interaction to fool most automated attack tools, as well as quite a few humans, at least for a little while. With appropriate limits (default), thp can reside on production hosts with negligible impact on performance.