Unix Tools

Network Monitoring Tools

- Argus
- Courtney
- Gabriel
- Netlog
- NETMAN
- NID
- NOCOL

Argus is a generic IP network transaction auditing tool that has allowed
Carnegie Mellon University's Software Engineering Institute to perform a
number of powerful network management tasks that are currently not possible
using commercial network management tools. It requires the libpcap
and tcp_wrappers packages, both of which are available in the
same directory as the Argus software.

Courtney is the work of CIAC. It monitors the network and identifies the
source machines of SATAN probes/attacks. Courtney receives input from
tcpdump, counting the number of new services a machine originates within
a certain time window. If one machine connects to numerous services within
that time window, Courtney identifies that machine as a potential SATAN
host.

Gabriel is a SATAN detector, similar to Courtney. While
it is only available for Sun platforms, it is written entirely
in C, and comes pre-built.

The netlog programs, from Texas A&M University, constitute a TCP and
UDP traffic logging system, usable for locating suspicious network
traffic.

NETMAN is a package of network monitoring and visualization tools
from Curtin University. The etherman program is an X Window
System tool that displays a representation of real-time Ethernet
communications. The interman program focuses on IP connectivity
within a single segment. The packetman tool is a retrospective
Ethernet packet analyzer.

Network Intrusion Detector (NID) is the work of the Computer Security
Technology Center (CSTC). It provides a suite of security tools that
detect and analyze network intrusions. NID provides detection and
analysis of intrusions from
individuals not authorized to use a particular computer, and from
individuals allowed to use a particular computer but who perform
either unauthorized activities or activities of a suspicious nature on
it. The NID software product is available free of charge to all
U.S. Government agencies.

The NOCOL (Network Operations Center On-Line) package from JVNC-Net
can monitor various network variables such as ICMP or RPC reachability,
host performance, SNMP traps, modem line usage, AppleTalk and Novell
routes and services, BGP peers, etc. The software is extensible and
new monitors can be added easily.

Last modified: Thursday, 27-Mar-97 15:50:44 PST
CIAC / webmaster@ciac.llnl.gov