Wednesday, January 12, 2011

Open Source Software: Network Monitoring/Scanning/Intrusion Detection (Free to download and use)

1. AFICK

Designed as a Tripwire replacement, AFICK ("Another File Integrity Checker") is useful both for security purposes and software management. It's designed to be both quick and portable. Operating System: Windows, Linux.


Want to find out how much time employees are wasting with instant messaging? AIM monitors and archives AOL and MSN instant messages across your network. Operating System: Linux, FreeBSD, OS X.


Also known as "ipscan," Angry IP Scanner scans IP addresses and ports very quickly. It can generate reports that include NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, and more. Operating System: Windows, Linux, OS X.

4. Cacti

This tool offers a user-friendly interface to manage and graph network data stored in a RRDTool database. If you have a large network, you'll probably want a separate plug-in to collect data, such asSpine. Operating System: Windows, Linux.


Specifically designed for high performance computing systems such as clusters and grids, Ganglia uses a highly scalable hierarchical architecture. It was built for the UC Berkeley Millennium Project, and you can view a demo of that network's operation from the site. Operating System: Linux, others.



6. Kismet

Kismet is a combination wireless network detector, packet sniffer, and IDS. Often used to detect unprotected or hidden networks, it's a valuable tool for checking the security of your wireless network, as well as monitoring network activity. Operating System: Windows, Mac, Linux, Unix, BSD.


This simple TCP security port scanner works on multiple platforms and is easy to use. Operating System: Windows, Linux, Unix.

8. Munin

Munin is designed to help network administrators spot trends and figure out the root cause of performance problems. And in case you're wondering, the name comes from Norse mythology and means "memory." Operating System: Linux, OS X.

9. Nagios

Nagios calls itself "the industry standard in open source monitoring," and it aims to help identify and resolve IT infrastructure problems before they affect critical business processes. It sends alerts when it detects problems with your networks, and its reporting and graphs can help with capacity planning. Note that it can monitor multiple platforms, including Windows, but it runs on Unix-like systems. Operating system: Linux, Unix.

10. NDT

NDT is short for "Network Diagnostic Tool," and it does just that—diagnosing network performance problems. It's a client/server app that requires a Linux server; however, the client can run on any system with Java installed. It's not as robust as some of the other full monitoring tools on our list, but it does this one thing very well. Operating System: Linux.


As you might guess from the name, this tool uses SNMP v1, SNMP v2c and SNMP v3 protocols to monitor the health of network equipment. Because it focuses only on SNMP it's not as complete as the commercial monitoring software or many of the other open source options on our list. Operating System: Windows, Linux.

12. NSAT

Short for "Network Security Analysis Tool," NSAT performs bulk scans for 50 different services and hundreds of vulnerabilities. It provides professional-grade penetration testing and comprehensive auditing. Operating System: Linux, Unix, FreeBSD, OS X.


Although the full version of Tripwire now has a proprietary license, you can still download the older (2000) version that was open source. It's useful for monitoring networks and sending alerts when changes occur. Operating System: Windows, Linux.


Opsview combines several different open source tools, including the Nagios engine, into a single monitoring tool with an easy-to-use Web interface. The commercial enterprise edition adds support and some additional features. Operating System: Linux.

15. OSSEC

With more than 5,000 downloads a month, this IDS is among the world's most popular. Commercial support is available through Third Brigade. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.


The "FMS" stands for "Flexible Monitoring System," and it's apt because Pandora can monitor applications, servers, network equipment, or even stock market trends. It features an attractive GUI and can create graphs based on both real-time and stored historical data. Operating System: Windows, Linux, OS X.

17. SEC

Although we put this app in the Network Monitoring category, the Simple Event Coordinator (SEC) actually works with many different applications. To use it, you set up a set of rules that specify what actions you want to occur whenever a particular event occurs. Operating System: OS Independent.


This tool implements a number of different open-source tests to see if any of the machines in your network are running in promiscuous mode or with a sniffer. Note that some of the documentation for this app is in Portuguese. Operating System: Linux.

19. Snort

Boasting of millions of downloads and more than 200,000 registered users, Snort claims to be the mostly widely deployed intrusion detection and prevention system in the world and "the de facto standard for IPS." Developed by Sourcefire, it combines the benefits of signature, protocol and anomaly-based inspection in a single download. Operating System: Linux, Unix, OS X.


This modified version of Snort uses iptables and IPFW instead of libpcap. It describes itself as "an Intrusion Prevention System (IPS) that uses existing Intrusion Detection System (IDS) signatures to make decisions on packets that traverse snort_inline." Operating System: Linux.

21. TcpDump

Like Wireshark, tcpdump performs packet analysis, but it doesn't have nearly as many bells and whistles. It's a command-line tool that works on Linux only. Operating System: Linux.

22. WinDump

As you might guess from the name, this tool offers a Windows version of tcpdump. Operating System: Windows.


With a huge set of awards to its credits and a huge user base, Wireshark has the right to call itself "the world's foremost network protocol analyzer." Its capabilities include deep packet inspection of hundreds of protocols, live capture and offline analysis, very powerful display filters, rich VoIP analysis, and more. Operating System: Windows, Linux, OS X.

24. Zabbix

This enterprise-class distributed monitoring system can track up to 1 million metrics for 100,000 networked devices. Commercial support and appliances are also available. Operating System: Windows (agent only), Linux, OS X.

No comments:

Post a Comment