Protecting a network is complex and time consuming. As the old saying goes, "You're only as strong as
your weakest link." Unfortunately, in the security field there are a myriad of ways
for an internal or external threat to cause a security breach: bypassed or misconfigured
firewall rules, viruses, trojans, P2P applications, buffer overflows in applications, protocol weaknesses, permission problems,
and every other threat imaginable. Below are various helpful tools for providing security and assessment.
- Nessus:
Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and
performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text,
and suggests solutions for security problems.
- Ethereal:
Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or
from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for
each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the
reconstructed stream of a TCP session. A text-based version called tethereal is included.
- Snort:
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging
on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and
probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort uses a flexible rule based language to describe traffic that it should collect or pass, and a modular detection engine.
Many people also suggested that the Analysis Console for
Intrusion Databases (ACID) be used with Snort.
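The rule language mentioned above is the heart of Snort: each rule names a protocol, source and destination addresses and ports, and a payload pattern to look for. The following is an added example (not Snort's own code) that implements a small subset of that syntax in Python and runs two rules over constructed packets; the rules, addresses and payloads are all made up for the demonstration, and `nocase` is simplified to apply to every `content` in a rule.

```python
"""Minimal Snort-style signature matcher over constructed packets (added example,
not Snort's code). Supported subset of the rule language:
    alert <proto> <src> <sport> -> <dst> <dport> (msg:"..."; content:"..."; nocase;)
Addresses: any, IP, or CIDR, optionally negated with "!". Ports: any, N, or low:high."""
import ipaddress
import re
from collections import namedtuple
from dataclasses import dataclass, field

Packet = namedtuple("Packet", "proto src sport dst dport payload")

@dataclass
class Rule:
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str = ""
    contents: list = field(default_factory=list)
    nocase: bool = False      # simplification: applies to every content in the rule

RULE_RE = re.compile(r"^alert\s+(\w+)\s+(\S+)\s+(\S+)\s*->\s*(\S+)\s+(\S+)\s*\((.*)\)\s*$")

def parse_content(value):
    """Content strings mix literal text with |hex bytes| segments."""
    out = bytearray()
    for i, part in enumerate(value.split("|")):
        out += part.encode() if i % 2 == 0 else bytes.fromhex(part)
    return bytes(out)

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("unparsable rule: %r" % line)
    proto, src, sport, dst, dport, body = m.groups()
    rule = Rule(proto.lower(), src, sport, dst, dport)
    for option in body.split(";"):            # option values must not contain ';' here
        name, _, value = option.strip().partition(":")
        name, value = name.strip(), value.strip().strip('"')
        if name == "msg":
            rule.msg = value
        elif name == "content":
            rule.contents.append(parse_content(value))
        elif name == "nocase":
            rule.nocase = True
    return rule

def load_rules(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def addr_matches(pattern, ip):
    if pattern == "any":
        return True
    negate = pattern.startswith("!")
    net = ipaddress.ip_network(pattern.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate

def port_matches(pattern, port):
    if pattern == "any":
        return True
    low, sep, high = pattern.partition(":")
    low = int(low) if low else 0
    high = int(high) if high else (65535 if sep else low)
    return low <= port <= high

def rule_matches(rule, pkt):
    if rule.proto not in ("ip", pkt.proto):
        return False
    if not (addr_matches(rule.src, pkt.src) and addr_matches(rule.dst, pkt.dst)):
        return False
    if not (port_matches(rule.sport, pkt.sport) and port_matches(rule.dport, pkt.dport)):
        return False
    payload = pkt.payload.lower() if rule.nocase else pkt.payload
    return all((c.lower() if rule.nocase else c) in payload for c in rule.contents)

def run_rules(rules, packets):
    """(packet index, msg) for every rule that fires, in packet order: the alert log."""
    return [(i, r.msg) for i, p in enumerate(packets) for r in rules if rule_matches(r, p)]

# Constructed sample rules and traffic; not taken from any real ruleset or capture.
SAMPLE_RULES = """
alert tcp any any -> 192.168.1.0/24 80 (msg:"WEB-CGI phf access"; content:"/cgi-bin/phf"; nocase;)
alert tcp !192.168.1.0/24 any -> 192.168.1.0/24 any (msg:"SHELLCODE x86 NOOP sled"; content:"|90 90 90 90 90 90 90 90|";)
"""
SAMPLE_PACKETS = [
    Packet("tcp", "10.0.0.5", 40123, "192.168.1.10", 80, b"GET /CGI-BIN/PHF?Qalias=x HTTP/1.0\r\n\r\n"),
    Packet("tcp", "10.0.0.6", 40124, "192.168.1.10", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("tcp", "10.0.0.7", 5555, "192.168.1.20", 143, b"A" * 8 + b"\x90" * 16 + b"\xcc"),
    Packet("udp", "10.0.0.8", 53, "192.168.1.10", 53, b"/cgi-bin/phf"),        # wrong protocol
    Packet("tcp", "192.168.1.30", 6000, "192.168.1.20", 143, b"\x90" * 16),   # internal source, excluded by "!"
]

if __name__ == "__main__":
    for index, msg in run_rules(load_rules(SAMPLE_RULES), SAMPLE_PACKETS):
        print("packet %d: %s" % (index, msg))
```

The two alerts it raises (the upper-case phf request, caught only because of `nocase`, and the NOP sled from an external source) show why rule authors care about the header part as much as the content: the same sled from an internal address is deliberately excluded by the `!` negation, and the phf string carried over UDP never reaches the content check.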
- Netcat:
A simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed
to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time,
it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need
and has several interesting built-in capabilities.
- TCPDump / WinDump:
Tcpdump is a well-known and well-loved text-based network packet analyzer. It can be used to print out the headers
of packets on a network interface that matches a given expression. You can use this tool to track down network problems or to
monitor network activities. There is a separate Windows port named WinDump. TCPDump is
also the source of the Libpcap/WinPcap packet capture
library.
- Hping2:
Hping2 assembles and sends custom ICMP/UDP/TCP packets and displays any replies. It was inspired by the
ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports
IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks
attempts using the standard utilities.
- DSniff:
This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf,
and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof
facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm
and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings
in ad-hoc PKI. A separately maintained partial Windows port is also available.
- GFI LANguard:
LANguard scans networks and reports information such as service pack level of each machine, missing security patches,
open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups,
and more. Scan results are output to an HTML report, which can be customized/queried. A limited free version is
available for non-commercial/trial use.
- Ettercap: Ettercap is a suite for man-in-the-middle attacks on a LAN. It features
sniffing of live connections, content filtering on the fly, and many other
interesting tricks.
It supports active and passive dissection of many protocols (even encrypted ones) and includes many features for network and host analysis.
- Whisker/Libwhisker:
Whisker is a scanner which allows you to test HTTP servers for many known security holes, particularly the presence of dangerous
CGIs. Libwhisker is a perl library (used by Whisker) which allows for the creation of custom HTTP scanners.
- John the Ripper:
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not
counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords.
It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos
AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.
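What John's "wordlist mode" actually does is take each dictionary word, push it through a set of mangling rules (case changes, reversal, appended digits, character substitutions) and test every resulting candidate against each salted hash. The following is an added example (not John's code) of that loop in Python. Because the standard library has no stable crypt(3) implementation, the hash format `$x$salt$hex` (salted SHA-256) is a constructed stand-in for a crypt(3) scheme; the shadow-style entries and the wordlist are constructed too, and the plaintexts appear in the code only to build the sample file.

```python
"""Dictionary attack with word-mangling rules, in the style of John the Ripper's
wordlist mode. Added example, not John's code. The hash format "$x$salt$hex"
(salted SHA-256) is a constructed stand-in for a crypt(3) scheme so that the
example runs on the standard library alone; the accounts and wordlist are constructed."""
import hashlib

def make_hash(salt, password):
    return "$x$%s$%s" % (salt, hashlib.sha256((salt + password).encode()).hexdigest())

def check(password, stored):
    _, _, salt, _ = stored.split("$")          # the salt travels with the hash, as in crypt(3)
    return make_hash(salt, password) == stored

# Mangling rules: each one is a small transform of the dictionary word.
RULES = {
    "as-is": lambda w: w,
    "capitalize": lambda w: w.capitalize(),
    "uppercase": lambda w: w.upper(),
    "reverse": lambda w: w[::-1],
    "leet": lambda w: w.translate(str.maketrans("aeios", "43105")),
}

def candidates(word):
    """Yield (rule name, candidate): every rule, then every rule with 0-99 appended."""
    for name, rule in RULES.items():
        base = rule(word)
        yield name, base
        for n in range(100):
            yield name + "+digits", "%s%d" % (base, n)

def parse_shadow(text):
    """'user:hash:...' lines -> {user: hash}; locked ('*', '!') and empty entries are skipped."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        user, stored = line.split(":")[:2]
        if stored.startswith("$"):
            entries[user] = stored
    return entries

def crack(shadow_text, wordlist):
    """Return {user: (password, rule)} for every hash some mangled word reproduces."""
    found = {}
    for user, stored in parse_shadow(shadow_text).items():
        for word in wordlist:
            hit = next(((cand, name) for name, cand in candidates(word) if check(cand, stored)), None)
            if hit:
                found[user] = hit
                break
    return found

# Constructed accounts; the plaintexts exist only to build the sample shadow file.
_SECRETS = {"alice": "Password1", "bob": "drowssap", "carol": "8e!Tq2#vLp9zWn", "dave": "p455w0rd"}
SAMPLE_SHADOW = "\n".join("%s:%s:19000:0:99999:7:::" % (u, make_hash(u[:2] + "7q", p))
                          for u, p in _SECRETS.items()) + "\nsys:*:19000:0:99999:7:::"
WORDLIST = ["letmein", "password", "secret", "admin"]

if __name__ == "__main__":
    for user, (password, rule) in crack(SAMPLE_SHADOW, WORDLIST).items():
        print("%-6s %-12s (rule: %s)" % (user, password, rule))
```

Three of the four accounts fall to a four-word list because the rules expand "password" into Password1, drowssap and p455w0rd; carol's random password survives every rule. Note that the salt forces the hash to be recomputed per account rather than once per candidate, which is exactly why John spends its effort on fast native hash implementations and on ordering rules by how often they succeed.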
- OpenSSH / SSH:
Ssh (Secure Shell) is a program for logging into or executing commands on a remote machine. It provides secure encrypted
communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be
forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide rdist,
and rsync with a secure communication channel. OpenSSH is affiliated with the OpenBSD project, though a portable version runs on
most UNIX systems. Note that the commercial SSH.Com product costs money for some uses, while OpenSSH is always free. Windows users
may want to try the free PuTTY SSH client or the nice
terminal-based port of OpenSSH that comes with Cygwin. There are dozens of other clients
(free or proprietary) available for most platforms.
- Sam Spade:
SamSpade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down
spammers in mind, but can be useful for many other network exploration, administration, and security tasks.
It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer,
SMTP relay check, website search, and more. Non-Windows users can enjoy online versions of
many of their tools.
- ISS Internet Scanner:
A commercial vulnerability assessment (VA) scanner. A March 2003 Information Security
magazine review compared 5 VA tools, including Internet Scanner.
Note that VA tools only report vulnerabilities. Commercial tools for actually exploiting them include
CORE Impact and Dave Aitel's
Canvas. Free exploits for some vulnerabilities can be found at sites
like Packet Storm and SecurityFocus.
- Tripwire:
A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated
set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators
of corrupted or tampered files, so damage control measures can be taken in a timely manner. An Open Source Linux version is
freely available at Tripwire.Org. UNIX users may also want to consider
AIDE, which has been designed to be a free Tripwire replacement.
Another option is using Radmind.
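An integrity checker of this kind works in two passes: a baseline run records a cryptographic hash and the attributes of every monitored file into a database, and every later check run recomputes them and reports what was added, removed, or changed. The following is an added example (not Tripwire's or AIDE's code) of those two passes in Python; `demo()` builds a constructed directory tree in a temporary location, baselines it, tampers with it the way an intruder might, and returns the report.

```python
"""File integrity baseline and check in the style of Tripwire/AIDE.
Added example, not Tripwire's or AIDE's code. snapshot() records SHA-256, size,
mode and mtime of every regular file under a root; compare() reports files added,
removed or changed since the baseline. demo() uses a constructed tree in a temp dir."""
import hashlib, json, os, stat, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each regular file under root (relative, '/'-separated) to its attributes."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue                      # symlinks, devices etc. are not hashed here
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            db[rel] = {"sha256": sha256_file(path), "size": st.st_size,
                       "mode": oct(stat.S_IMODE(st.st_mode)), "mtime": int(st.st_mtime)}
    return db

def save_db(db, path):
    with open(path, "w") as f:
        json.dump(db, f, indent=1, sort_keys=True)

def load_db(path):
    with open(path) as f:
        return json.load(f)

def compare(baseline, current):
    """{'added': [...], 'removed': [...], 'changed': {path: [attributes that differ]}}.
    mtime is recorded for the report but not compared: a trojaned file can carry the old one."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)), "changed": {}}
    for rel in sorted(set(baseline) & set(current)):
        diffs = [k for k in ("sha256", "size", "mode") if baseline[rel][k] != current[rel][k]]
        if diffs:
            report["changed"][rel] = diffs
    return report

def demo():
    """Baseline a constructed tree, tamper with it, and return the comparison."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        def write(rel, data, mode=0o644):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, mode)
        write("bin/login", b"ELF original login binary v1", 0o755)
        write("etc/passwd", b"root:x:0:0::/root:/bin/sh\n")
        write("etc/motd", b"welcome\n")
        write("etc/issue", b"host\n")
        db_path = os.path.join(store, "baseline.json")    # kept outside the monitored tree
        save_db(snapshot(root), db_path)                  # the "init" run
        # Tampering: same-size trojan, extra root account, loosened mode, dropped and added files.
        write("bin/login", b"ELF trojaned login binary v1", 0o755)
        with open(os.path.join(root, "etc/passwd"), "ab") as f:
            f.write(b"toor:x:0:0::/:/bin/sh\n")
        os.chmod(os.path.join(root, "etc/motd"), 0o666)
        os.remove(os.path.join(root, "etc/issue"))
        write("bin/.rootkit", b"#!/bin/sh\n")
        return compare(load_db(db_path), snapshot(root))  # the "check" run

if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The trojaned login binary is the same size as the original and is caught only by its hash, which is the point of hashing rather than comparing sizes and timestamps. The baseline database is written outside the monitored tree; in practice it also has to live somewhere the intruder cannot rewrite it (read-only media or a separate host), or the check proves nothing.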
- Nikto:
Nikto is a web server scanner which looks for over 2000 potentially dangerous files/CGIs and problems on over 200 servers.
It uses LibWhisker but is generally updated more frequently than
Whisker itself.
- Kismet:
Kismet is an 802.11b network sniffer and network dissector. It is capable of sniffing using most wireless cards, automatic
network IP block detection via UDP, ARP, and DHCP packets, Cisco equipment lists via Cisco Discovery Protocol, weak cryptographic
packet logging, and Ethereal and tcpdump compatible packet dump files. It also includes the ability to plot detected networks
and estimated network ranges on downloaded maps or user supplied image files. Windows support is currently preliminary,
so those users may want to look at Netstumbler if they run into
trouble. Linux (and Linux PDAs like Zaurus) users may wish to also look at the Wellenreiter
wireless scanner.
A connect-based TCP port scanner, pinger and hostname resolver. No source code is provided. It can handle ping scans and
port scans using specified IP ranges. It can also connect to any discovered open port using user-specified "helper"
applications (e.g. Telnet, Web browser, FTP).
- L0phtCrack 4 (now called "LC4"):
L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone
Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the
hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc).
L0phtcrack currently costs $350/machine and no source code is provided.
- Retina:
Retina's function is to scan all the hosts on a network and report on any vulnerabilities
found.
Featuring fast, accurate, and non-intrusive scanning and the industry's
most comprehensive vulnerability database, users are able to secure
their networks against even the most recent of discovered
vulnerabilities. Users can also leverage Retina to enforce internal
security policies and standards-based registry settings through custom
policy audits.
- Netfilter:
Netfilter is a powerful packet filter which is implemented in the standard Linux kernel. The userspace iptables tool is used
for configuration. It now supports packet filtering (stateless or stateful), all different kinds of NAT (Network Address
Translation) and packet mangling. For non-Linux platforms, see pf
(OpenBSD), ipfilter (many other UNIX variants), or even the
Zone Alarm personal firewall (Windows).
- Fport:
Fport reports all open TCP/IP and UDP ports on the machine you run it on and shows what application opened each port.
So it can be used to quickly identify unknown open ports and their associated applications. It only runs on Windows, but many
UNIX systems now provide this information via netstat (try 'netstat -pan' on Linux). A SANS article (PDF)
on using Fport and analyzing the results is also available.
- SAINT: Security Administrator's Integrated Network Tool.
Saint is another commercial vulnerability assessment tool. SAINT runs
exclusively on UNIX. Saint used to be free and open source, but is now a commercial product.
- Network Stumbler:
Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE
version for PDAs and such called Ministumbler. The tool is currently free but Windows-only
and no source code is provided. They note that "the author reserves the right to change this license agreement as he sees fit,
without notice." UNIX users (and advanced Win users) may want to look at Kismet
instead.
- SARA: Security Auditor's Research Assistant.
SARA is a vulnerability assessment tool that was derived from the infamous SATAN scanner. They try to release updates twice a
month and try to leverage other software created by the open source community (such as Nmap and Samba).
- N-Stealth:
N-Stealth is a commercial web server security scanner. The claims of "30,000 vulnerabilities and exploits" and "Dozens of vulnerability checks
are added every day" are highly questionable. N-stealth is Windows only and no source code is provided.
- AirSnort:
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo
Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
Windows support is still very preliminary.
- NBTScan:
NBTscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in
supplied range and lists received information in human readable form. For each host that responds it lists IP address, NetBIOS computer
name, logged-in user name and MAC address.
- GnuPG / PGP:
PGP is the famous encryption program by Phil Zimmermann which helps secure your data from eavesdroppers and other risks. GnuPG
is a very well-regarded open source implementation of the OpenPGP standard (the actual executable is named gpg). While GnuPG is always
free, PGP costs money for some uses.
- Firewalk:
Firewalk employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. This
classic tool was rewritten from scratch in October 2002. Note that much or all of this functionality can also be performed by the
Hping2 --traceroute option.
- Cain & Abel:
Cain & Abel is a free password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of
passwords by sniffing the network, cracking encrypted passwords using Dictionary & Brute-Force attacks, decoding scrambled
passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Source code is not provided.
- XProbe2:
XProbe is a tool for determining the operating system of a remote host. They do this using some of the
same techniques as
Nmap as well as many different ideas. Xprobe has always emphasized the ICMP protocol
in their fingerprinting approach.
- SolarWinds Toolsets:
SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security related tools
include many network discovery scanners and an SNMP brute-force cracker. These tools are Windows only, cost money, and do not
include source code.
- NGrep:
Ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a
pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data
payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and
null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such
as tcpdump and snoop.
- Perl / Python:
While many canned security tools are available on this page for handling common tasks, it is important to
have the ability to write your own (or modify the existing ones) when you need something more custom. Perl and
Python make it very easy to write quick, portable scripts to test, exploit, or even fix systems! Archives
like CPAN are filled with modules such as
Net::RawIP and protocol implementations to make your tasks even easier.
- THC-Amap:
Amap (by THC) is a new but powerful scanner which probes each port to identify applications and
services rather than relying on static port mapping.
- OpenSSL:
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit
implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related documentation.
- NTop:
Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on
the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow
emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently
storing traffic statistics.
- Nemesis:
The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux (and now Windows!). The suite
is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts. If you enjoy
Nemesis, you might also want to look at hping2. They complement each other
well.
- LSOF:
This Unix-specific diagnostic and forensics tool lists information about any files that are open by processes currently running
on the system. It can also list communications sockets open by each process.
- Hunt:
Hunt can watch TCP connections, intrude into them, or reset them. Hunt is meant to be used on ethernet, and has active mechanisms
to sniff switched connections. Advanced features include selective ARP relaying and connection synchronization after attacks. If
you like Hunt, also take a look at Ettercap and
Dsniff.
- Honeyd:
Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their
TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single
host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to
traceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. It is also
possible to proxy services to another machine rather than simulating them. The web page is currently down for legal reasons,
but the v0.5 tarball is still available.
- Achilles:
Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a
man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server.
Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before
transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the
client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server
and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the
two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
- Brutus:
This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and
permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users
should take a look at THC-Hydra.
- Stunnel:
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote
server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes
in the programs' code. It will negotiate an SSL connection using the OpenSSL
or SSLeay libraries.
- Paketto Keiretsu:
The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap
functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes
Scanrand, an unusually fast network service and topology discovery system, Minewt, a user space NAT/MAT router, linkcat, which
presents an Ethernet link to stdio, Paratrace, which traces network paths without spawning new connections, and Phentropy,
which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three dimensional phase space. Got all that? :).
- Fragroute:
Fragroute intercepts, modifies, and rewrites egress traffic, implementing most of the attacks described in the Secure
Networks IDS Evasion paper. It features a simple ruleset
language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound
packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good
faith to aid in the testing of intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. Like
Dsniff, and Libdnet, this excellent tool was written by Dug Song.
- SPIKE Proxy:
Spike Proxy is an open source HTTP proxy for finding security flaws in web sites. It is part of the
Spike Application Testing Suite and supports automated SQL injection
detection, web site crawling, login form brute forcing, overflow detection, and directory traversal detection.
- THC-Hydra:
This tool allows for rapid dictionary attacks against network login systems, including FTP, POP3, IMAP, Netbios, Telnet,
HTTP Auth, LDAP, NNTP, VNC, ICQ, Socks5, PCNFS, and more. It includes SSL support and is apparently now part of
Nessus. Like Amap,
this release is from the elite team at THC.
- TCP Wrappers: A classic IP-based access control and logging mechanism.
With this package you can monitor and filter incoming requests for the
SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other
network services. The package provides tiny daemon wrapper programs that can be installed
without any changes to existing software or to existing configuration
files. The wrappers report the name of the client host and of the
requested service; the wrappers do not exchange information with the
client or server applications, and impose no overhead on the actual
conversation between the client and server applications.
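The access decision tcpd makes is easy to get wrong: /etc/hosts.allow is consulted first, then /etc/hosts.deny, and a request that matches neither file is allowed. The following is an added example (not the tcpd code) that evaluates that logic in Python for a subset of the hosts_access(5) syntax (daemon and client lists, ALL, LOCAL, `.domain` suffixes, `net.` prefixes, `net/mask` pairs and the right-associative EXCEPT operator). The two configuration files and the client hosts are constructed, and client hostnames are taken as given, whereas tcpd resolves them and cross-checks forward and reverse DNS before trusting them.

```python
"""hosts.allow / hosts.deny evaluation in the style of TCP Wrappers' hosts_access(5).
Added example, not the tcpd code. Hostnames are taken as given (tcpd resolves and
cross-checks them itself). The configuration and the clients below are constructed."""
import ipaddress

def _match_client(pattern, host, ip):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return "." not in host            # a name without a dot: same local domain
    if pattern.startswith("."):
        return host.endswith(pattern)      # ".corp.example" matches every host in that domain
    if pattern.endswith("."):
        return ip.startswith(pattern)      # "10." matches every address in 10.0.0.0/8
    if "/" in pattern:                     # "net/mask" in dotted-quad form
        net, mask = pattern.split("/", 1)
        return ipaddress.ip_address(ip) in ipaddress.ip_network("%s/%s" % (net, mask), strict=False)
    return pattern in (host, ip)

def _match_list(tokens, match_one):
    """'a b EXCEPT c d EXCEPT e' parses as (a b) EXCEPT ((c d) EXCEPT e)."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _match_list(tokens[:i], match_one) and not _match_list(tokens[i + 1:], match_one)
    return any(match_one(t) for t in tokens)

def parse_access_file(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]      # daemon_list : client_list [: option]
        rules.append((fields[0].split(), fields[1].split()))
    return rules

def rule_applies(rule, daemon, host, ip):
    daemons, clients = rule
    return (_match_list(daemons, lambda d: d in ("ALL", daemon))
            and _match_list(clients, lambda c: _match_client(c, host, ip)))

def hosts_access(daemon, host, ip, allow_text, deny_text):
    """hosts.allow first, then hosts.deny; a request matching neither file is ALLOWED."""
    if any(rule_applies(r, daemon, host, ip) for r in parse_access_file(allow_text)):
        return True
    if any(rule_applies(r, daemon, host, ip) for r in parse_access_file(deny_text)):
        return False
    return True

# Constructed policy: admin subnet and corporate domain may ssh, one 10/8 host is barred
# from telnet, FTP only from the local domain, loopback may use anything.
HOSTS_ALLOW = """
sshd: 192.168.1.0/255.255.255.0 .corp.example
in.telnetd: 10. EXCEPT 10.0.0.99
in.ftpd: LOCAL
ALL: 127.0.0.1
"""
HOSTS_DENY = "ALL: ALL\n"      # the default-deny line every hosts.deny should carry

if __name__ == "__main__":
    for daemon, host, ip in [("sshd", "laptop.corp.example", "203.0.113.9"),
                             ("sshd", "evil.example.net", "198.51.100.7"),
                             ("in.telnetd", "h", "10.0.0.99")]:
        verdict = hosts_access(daemon, host, ip, HOSTS_ALLOW, HOSTS_DENY)
        print(daemon, host, ip, "ALLOW" if verdict else "DENY")
```

The last assertion in the test is the caveat worth remembering: with an empty hosts.deny, the same external host that was refused a moment earlier is let in, because nothing matched. A hosts.allow without a matching `ALL: ALL` in hosts.deny is a whitelist in appearance only.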
- pwdump3:
pwdump3 combines the functionality of pwdump by Jeremy Allison and
pwdump2 by Todd Sabin. It can extract the password hashes from a remote
Windows NT 4.0 or 2000 box whether or not syskey has been installed. It
does this by injecting a process onto the remote system, extracting the
hashes, then copying the hashes back to the local system. Using this
tool, a system administrator can check on the strength of the passwords
on his system. Please note: pwdump3 does not exploit a new vulnerability; it utilizes
existing Windows communications capabilities. To use the program
successfully, one must supply a username and password that has
administrative-level privileges on the remote system.
- LibNet: Libnet is a high-level API (toolkit) allowing the application programmer to
construct and inject network packets. It provides a portable and simplified
interface for low-level network packet shaping, handling and injection. Libnet
hides much of the tedium of packet creation from the application programmer
such as multiplexing, buffer management, arcane packet header information,
byte-ordering, OS-dependent issues, and much more. Libnet features portable
packet creation interfaces at both the IP-layer and link-layer, as well as a
host of supplementary and complementary functionality. Using libnet, quick and
simple packet assembly applications can be whipped up with little effort.
- IpTraf: IP Network Monitoring Software.
IPTraf is a console-based network statistics utility for Linux. It gathers
a variety of figures such as TCP connection packet and byte counts,
interface statistics and activity indicators, TCP/UDP traffic breakdowns,
and LAN station packet and byte counts.
- Fping:
Fping is a console program much like the ping program that comes with Windows.
Why use fping instead of the standard Windows ping? Fping has the same options as the regular ping, plus several
options that are unique: the time between pings can be adjusted at will, from 1ms to 5s;
it can beep on every (un)successful reply;
it can ping multiple hosts with one simple command;
and it can ping using raw sockets or the ICMP DLL.
- Bastille: The Bastille Hardening System attempts to "harden" or "tighten" Unix operating systems. It currently supports the Red Hat, Debian, Gentoo, Mandrake, SuSE and TurboLinux Linux distributions along with HP-UX and Apple OS X. We attempt to provide the most secure, yet usable, system possible.
- Winfingerprint: Winfingerprint is a Win32 Host/Network Enumeration Scanner. Winfingerprint is capable of performing SMB, TCP, UDP, ICMP, RPC, and SNMP scans. Using SMB, winfingerprint can enumerate OS, users, groups, SIDs, password policies, services, service packs and hotfixes, NetBIOS shares, transports, sessions, disks, security event log, and time of day utilizing NT Domain (Net*), Active Directory, or WMI APIs. Winfingerprint-cli is a command line version of winfingerprint and it is currently bundled with each release.
As of version 0.5.13, Winfingerprint will utilize WinPcap for TCP SYN scans if it is present, otherwise TCP portscans will be non-blocking connect() based.
- TCPTraceroute: tcptraceroute is a traceroute implementation using TCP packets. The more traditional traceroute(8) sends out either UDP or ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets are taking to reach the destination. The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that traceroute(8) sends out end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.
- Shadow Security Scanner: SSS has been developed to provide a secure, prompt and reliable
detection of a vast range of security system holes. After completing
the system scan, SSS analyses the data collected, locates
vulnerabilities and possible errors in server tuning options, and
suggests possible ways of problem solution. SSS employs a unique system
security analysis algorithm based on a patented “intellectual core”. SSS performs the system scan at such a speed and with such a precision so as to be able to compete with the professional IT security services and hackers, attempting to break into your network.
- pf: The innovative packet filter in OpenBSD.
- LIDS: The Linux Intrusion Detection System (LIDS) is a kernel patch
and admin tools which enhances the kernel's security by
implementing Mandatory Access Control (MAC). When it is in effect, chosen file access, all system network administration
operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs
can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network
and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide
sensitive processes, receive security alerts through the network, and more. LIDS currently supports
kernels 2.4 and 2.6. LIDS is released under GPL.
- hfnetchk: Created by Shavlik, HFNetChk.exe v. 3.86 is the latest version of Microsoft's well-known free command-line tool that enables you to scan your network for missing security patches. HFNetChk.exe is a multi-threaded command-line tool you can use to assess a computer or selected group of computers for the absence of security patches. You can use HFNetChk to assess patch status for the Windows NT 4.0, Windows NT Terminal Server, Windows 2000, and Windows XP operating systems, as well as hotfixes and service packs for IIS 4.0, IIS 5.0, SQL Server 7.0, SQL Server 2000 (including MSDE), Exchange Server 5.5, Exchange Server 2000, Windows Media Player, Front Page Server Extensions, Microsoft Java Virtual Machine, Microsoft Data Access Components (MDAC), and Internet Explorer 5.01 or later.
- etherape: EtherApe is a graphical network monitor for
Unix modeled after etherman. Featuring link
layer, IP and TCP modes, it displays
network activity graphically. Hosts and
links change in size with traffic, and
protocols are color coded. It supports
Ethernet, FDDI, Token Ring, ISDN, PPP and
SLIP devices. It can filter the traffic to be
shown, and can read traffic from a file as
well as live from the network.
- dig: A handy DNS query tool that comes free with Bind.
Dig (domain information groper) is a flexible command line
tool which can be used to gather information from the
Domain Name System servers. Dig has two modes: simple
interactive mode which makes a single query, and batch
which executes a query for each in a list of several query
lines. All query options are accessible from the command
line.
- Crack / Cracklib: Alec Muffett's classic local password cracker
- cheops / cheops-ng: Gives a simple interface to many network utilities, maps local or remote networks and identifies OS of machines
- Kerio Personal Firewall: Residing on each desktop computer, Kerio Personal Firewall allows
advanced users or network administrators to create packet filter rules
that block or limit traffic for specific ports, protocols, or IP
addresses, adding a level of control and security found in
sophisticated network firewalls. Rules are based on the needs of
individual users and the overall security requirements of the
organization.
- Visual Route: Obtains traceroute/whois data and plots it on a World map.
VisualRoute helps
determine if a connectivity problem is due to your
ISP, the Internet, or the host you are trying to reach,
and pinpoints the network where a problem occurs.
- The Coroner's Toolkit (TCT): The Coroner's Toolkit (TCT) is a collection of tools designed to assist
in a forensic examination of a computer. It is primarily designed for
Unix systems, but it can do a small amount of data collection and analysis from non-Unix disks/media.
- tcpreplay: a tool to replay saved tcpdump or snoop files at arbitrary speeds.
Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for *NIX operating
systems which gives you the ability to use previously captured traffic in
libpcap format to test a variety of network devices. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 headers and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS's.
- snoop: A well-known gangsta rapper (Snoop Dogg)! It is also a network sniffer that comes with Solaris.
- putty: An excellent Windows SSH client.
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix
platforms, along with an
xterm terminal emulator.
- pstools: The Windows NT and Windows 2000 Resource Kits come with a number of command line tools that help you administer your Windows NT/2K systems. Over time, I've grown a collection of similar tools, including some not included in the Resource Kits. What sets these tools apart is that they all allow you to manage remote systems as well as the local one. The first tool in the suite was PsList, a tool that lets you view detailed information about processes, and the suite is continually growing. The "Ps" prefix in PsList relates to the fact that the standard UNIX process listing command-line tool is named "ps", so I've adopted this prefix for all the tools in order to tie them together into a suite of tools named PsTools.
- arpwatch: Keeps track of ethernet/ip address pairings and can detect certain
monkey business
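The "monkey business" arpwatch looks for is an IP address whose Ethernet address changes, and in particular one that bounces between two addresses (arpwatch calls this a "flip flop"), which is what the arpspoof tool from the DSniff suite above produces when it competes with the real gateway for the same IP. The following is an added example (not arpwatch's code) of that pairing tracker in Python; it reads ARP replies from constructed text in the style of `tcpdump -e -n arp` output rather than from a live interface.

```python
"""IP/Ethernet pairing tracker in the style of arpwatch (added example, not arpwatch's
code). Input is constructed text in "tcpdump -e -n arp" style; only ARP replies are
used. For each IP the tracker keeps the current and previous Ethernet address and
reports what arpwatch reports: new station, changed ethernet address, flip flop."""
import re

ARP_REPLY = re.compile(
    r"^(\S+)\s.*\bReply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)

def parse_arp_replies(text):
    """Yield (timestamp, ip, mac) per reply line; requests and other lines are ignored."""
    for line in text.splitlines():
        m = ARP_REPLY.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()

class ArpTracker:
    def __init__(self):
        self.current = {}     # ip -> Ethernet address now claimed for it
        self.previous = {}    # ip -> the address it had before the current one

    def observe(self, ts, ip, mac):
        """Return an event line, or None when the pairing is already known."""
        old = self.current.get(ip)
        if old is None:
            self.current[ip] = mac
            return "%s new station %s %s" % (ts, ip, mac)
        if old == mac:
            return None
        # Bouncing back to the address seen before is arpwatch's "flip flop": two stations
        # (for example the real gateway and an arpspoof'ing host) are fighting over the IP.
        kind = "flip flop" if mac == self.previous.get(ip) else "changed ethernet address"
        self.previous[ip], self.current[ip] = old, mac
        return "%s %s %s %s (was %s)" % (ts, kind, ip, mac, old)

def scan(text):
    """Run every reply in the capture through one tracker and collect the events."""
    tracker = ArpTracker()
    events = (tracker.observe(ts, ip, mac) for ts, ip, mac in parse_arp_replies(text))
    return [e for e in events if e]

# Constructed capture: a gateway (.1), a workstation (.10), and a third station that
# claims the gateway's address until the real gateway answers again.
SAMPLE_CAPTURE = """\
12:00:01.000001 aa:aa:aa:aa:aa:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at aa:aa:aa:aa:aa:01, length 28
12:00:02.000001 bb:bb:bb:bb:bb:10 > aa:aa:aa:aa:aa:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.10 is-at bb:bb:bb:bb:bb:10, length 28
12:00:03.000001 aa:aa:aa:aa:aa:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.10 tell 192.168.1.1, length 28
12:00:04.000001 cc:cc:cc:cc:cc:99 > bb:bb:bb:bb:bb:10, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at cc:cc:cc:cc:cc:99, length 28
12:00:05.000001 aa:aa:aa:aa:aa:01 > bb:bb:bb:bb:bb:10, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at aa:aa:aa:aa:aa:01, length 28
12:00:06.000001 bb:bb:bb:bb:bb:10 > aa:aa:aa:aa:aa:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.10 is-at bb:bb:bb:bb:bb:10, length 28
"""

if __name__ == "__main__":
    for event in scan(SAMPLE_CAPTURE):
        print(event)
```

Four events come out of the six lines: two new stations, the gateway's address changing to cc:cc:cc:cc:cc:99, and the flip flop back to the original. A single "changed ethernet address" can be a legitimate NIC swap or DHCP reassignment; a flip flop on the default gateway's IP during business hours is what deserves a page to the on-call engineer.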