Monitoring Tools
Title: netlog
Authors: Mark (maf+@osu.edu)
Abstract:
Set of perl scripts to monitor and log ARP request on an ethernet.
Title: arpwatch
Authors: Lawrence Berkeley Laboratory, Network Research Group
Abstract:
Arpwatch is a tool that monitors ethernet activity and keeps a database of Ethernet/IP
address pairings. It also reports certain changes via email. Arpwatch uses libpcap, a
system-independent interface for user-level packet capture.
Title: clog 0.0.2
Authors: Brian Mitchell
Abstract:
clog is a program that logs all connections on your subnet. It uses the pcap packet capture
library to log any SYN packets to a logfile. The output format is designed to be very easily
parsed by various text processing tools.
Title: Gabriel v1.0
Authors: Los Altos Technologies, Inc.
Abstract:
Gabriel gives the system administrator an early warning of a possible network intrusion by
detecting and identifying unauthorized network probing. Gabriel's highlights: Ready to run
for Sun Solaris1 and Solaris2 operating systems. Full source included. Perl IS NOT required.
Test script included to simplify evaluation of Gabriel. Built-in mechanism to send real-time
alerts via pager, phone call, email, or online displays. For Solaris1 and Solaris2 systems.
Title: arpwatch
Authors: Laurent Demailly
Abstract:
IcmpInfo monitors incoming ICMP packets. It can be used to detect and record 'bombs' as
well as various network problems.
Title: loginlog
Authors: Mark
Abstract:
Monitors utmp and alerts you when someone logs in.
Title: netlog
Authors: Free Software Foundation Inc.
Abstract:
An advanced network sniffer system to monitor your networks. These programs are a part
of the network security system used by Texas A&M University. It can be used for locating
suspicious network traffic. The following programs are included:
Title: NFSTrace
Authors: Matt Blaze
Abstract:
This is the rpcspy/nfstrace package. It is described in detail in the paper "NFS Tracing by
Passive Network Monitoring", which appeared in the January, 1992 USENIX conference.
You'll need either a DEC machine running ULTRIX (with the packetfilter installed in the
kernel) or a Sun running SunOS 4.x (with NIT). Or you'll need to do a bit of hacking.
Title: NFSWatch
Authors: Dave Curry, Jeff Mogul
Abstract:
It lets you monitor NFS requests to any given machine, or the entire local network. It mostly
monitors NFS client traffic (NFS requests); it also monitors the NFS reply traffic from a
server in order to measure the response time.
Title: NOCOL/NetConsole v4.01
Authors: Vikas Aggarwal
Abstract:
NOCOL/Netconsole (Network Operation Center OnLine) is a network monitoring package
that runs on Unix platforms and is capable of monitoring network and system variables such
as ICMP or RPC reachability, RMON variables, nameservers, ethernet load, port
reachability, host performance, SNMP traps, modem line usage, appletalk & novell
routes/services, BGP peers, etc. The software is extensible and new monitors can be added
easily.
Title: swatch
Authors: Todd Atkins
Abstract:
A simple watcher that is designed to monitor system activity.
Title: Tap
Authors: Simon Ney
Abstract:
This is the STREAMS pushable module/driver tap. This module will monitor a stream.
Title: TCP Alert
Authors: Dana Nowell
Abstract:
Small program that sits on a TCP port listening for connections and logs any such attempts.
Title: tcp_wrappers
Authors: Wietse Venema
Abstract:
With this package you can monitor and filter incoming requests for the SYSTAT, FINGER,
FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services.
Title: tocsin
Authors: Doug Hughes
Abstract:
This program will catch port scanners that use SYN probes without actually opening up a
connection. It works as a good supplement to klaxon. You only need 1 tocsin process per
subnet. Assuming you run it on a shared subnet, it will catch probes on any machine on
that subnet. If your machine has multiple subnets, it will default to le0, but you can change
that with the -i option.
Title: ttysnoop
Authors: Carl Declerck
Abstract:
The package allows you to snoop on login tty's through another tty device or pseudo-tty. The
snoop-tty becomes a 'clone' of the original tty, redirecting both input and output from/to it.
Title: xc
Authors: der Mouse
Abstract:
I now have a program that behaves superficially like xconns, but with some significant
differences: It uses RFC931 to display usernames, when the client host supports RFC931. It
allows the user to freeze (and unfreeze) connections, or kill them, independent of the client,
and very importantly independent of the server. The KillClient request can be used to
forcibly disconnect a client from the server, but only if the client has created a resource,
which (for example) neither xkey nor xcrowbar does. It monitors the connection, and if it
sees certain dubious requests (currently configurable only by hacking on the source), it pops
up a little menu with which the user can allow the request, have it replaced with a
NoOperation request, or kill the connection. The dubious requests are, at present, requests
to change the host access list, requests to enable or disable access control, and
ChangeWindowAttributes requests operating on non-root windows not created by the same
client.
Aleph One / aleph1@underground.org
Copyright © 1996 Computer Underground Society. All rights reserved.