Cricket is a high-performance, extremely flexible system for monitoring
trends in time-series data. Cricket was expressly developed to help network
managers visualize and understand the traffic on their networks, but it can
be used for all kinds of other jobs as well.
It's similar to mrtg, but has a different approach.
Device templates for use with devmon.
Devmon is a Perl daemon designed to supplement and enhance the monitoring
capabilities of a server running either the BigBrother or Hobbit monitoring
software.
Docsis is a small program that can be used to generate binary
configuration files for DOCSIS-compliant cable modems. DOCSIS stands
for Data over Cable Service Interface Specification and is a standard
developed by Cablelabs.
This is a lightweight but well-featured tool for collecting
NetFlow version 5 packets from Cisco routers.
The implementation includes a simple UDP-to-TCP converting server,
which may be used to replicate NetFlow data to multiple clients.
EtherApe is a graphical network monitor for Unix modeled after Etherman.
Featuring link layer, IP and TCP modes, it displays network activity
graphically. Hosts and links change in size with traffic. Protocols are
displayed color coded. It supports Ethernet, FDDI, Token Ring, ISDN, PPP,
SLIP, and WLAN devices, plus several encapsulation formats. It can
filter traffic to be shown, and can read packets from a file as well as
live from the network. Node statistics can be exported.
IPCAD is an IP accounting daemon. It uses bpf or pcap to access interfaces
and gather IP statistics. Collected numbers are arranged to form
address-to-address flow pairs and can then be accessed via rsh in Cisco
fashion, or exported via the NetFlow UDP protocol.
See README file and man pages for details.
Would you like to summarize and/or log network activity down to the IP address
and port level of detail, but not record every packet?
Ipaudit provides that ability.
Ipaudit listens to a network device in promiscuous mode and records every
'connection', that is, each conversation between two IP addresses. A unique
connection is determined by the IP addresses of the two machines, the protocol
used between them and the port numbers (if they are communicating via UDP or TCP).
It uses a hash table to keep track of the number of bytes and packets in both
directions. When ipaudit receives a SIGTERM (kill) or SIGINT (kill -2,
usually the same as a Control-C) signal, it stops collecting data and writes the
tabulated results.
Ipaudit reads the network port using the pcap packet capture library
from the LBNL Network Research Group.
Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion
detection system. Kismet will work with any wireless card which supports
raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b, and 802.11g
traffic.
Kismet identifies networks by passively collecting packets. In addition
to standard networks, it can detect (and given time, decloak) hidden
networks, and infer the presence of nonbeaconing networks via data traffic.
Capture sources that are known to be supported: Atheros, Prism2, WSP100,
Drone, wtapfile, pcapfile. Kismet also supports radiotap headers and
should work with current FreeBSD systems.
NDPMon is an equivalent of ArpWatch for IPv6.
NDPMon, the Neighbor Discovery Protocol Monitor, is a tool that works with
ICMPv6 packets. NDPMon observes the local network to see whether nodes
using neighbor discovery messages behave properly. When it detects
a suspicious Neighbor Discovery message, it notifies the administrator
by writing to the syslog and in some cases by sending an email
report.