NFDUMP tools support netflow v5, v7 and v9 capturing and processing.
nfcapd - netflow capture daemon.
Reads the netflow data from the network and stores the data into files.
nfdump - netflow dump.
Reads the netflow data from the files stored by nfcapd. Its syntax is similar
to tcpdump. If you like tcpdump you will like nfdump.
nfprofile - netflow profiler.
Reads the netflow data from the files stored by nfcapd. Filters the netflow
data according to the specified filter sets (profiles) and stores the
filtered data into files for later use.
nfreplay - netflow replay.
Reads the netflow data from the files stored by nfcapd and sends it over
the network to another host.
ft2nfdump - flow-tools to nfdump - optional component.
NfSen is a graphical web based front end for the nfdump netflow tools.
NfSen allows you to:
* Display your netflow data: Flows, Packets and Bytes using RRD
(Round Robin Database).
* Easily navigate through the netflow data.
* Process the netflow data within the specified time span.
* Create history as well as continuous profiles.
* Write your own plugins to process netflow data on a regular interval
VMPS (VLAN Management Policy Server) is a way of assigning switch ports to
specific VLANs based on the MAC address of connecting device. OpenVMPS is
a GPL implementation of VMPS.
Packit is a network auditing tool. Its value is derived from
its ability to customize, inject, monitor, and manipulate IP
traffic. By allowing you to define (spoof) nearly all TCP, UDP,
ICMP, IP, ARP, RARP, and Ethernet header options, Packit can be
useful in testing firewalls, intrusion detection systems, port
scanning, simulating network traffic, and general TCP/IP
auditing. Packit is also an excellent tool for learning TCP/IP.
PADS is a signature based detection engine used to passively detect
network assets. It is designed to complement IDS technology by
providing context to IDS alerts.
Goals:
* Passive: Records and identifies traffic seen on a network without
actively "scanning" a system. There will never be a packet sent
from the pads applications.
* Portable: Has the ability to be placed easily on a remote system.
Does not require additional external libraries other than those
associated with libpcap.
* Lightweight: Logging is sent to a simple CSV file. There is no need
for a database or other data repository installed on the local
machine. All correlation is done outside of the pads program.
phpipam is an open-source web IP address management application.
Its goal is to provide a light and simple IP address management
application. It is ajax-based using jQuery libraries, PHP scripts,
JavaScript and some HTML5/CSS3 features.
- IPv4 / IPv6 address management
- ICMP status updates, subnet scanning and status showing
- Domain authentication (AD) / OpenLDAP authentication
- Visual subnet display
- VRF support
- VLAN management
- RIPE import
- Import / export XLS files
- E-Mail notification with IP details
- IP database search
- Custom IP/subnet/userVLAN address fields
pmacct is a set of network tools to gather IP traffic
information (bytes counter and number of packets); aggregation
of statistics is done using simple primitives (MAC addresses,
source host, destination host, ports and ip protocols) that can
be used alone or combined together to form complex aggregation
methods; counters are either global or historical (broken at
fixed timeslots). Data is either stored in a memory table,
pulled to stdout or in a SQL database (MySQL or PostgreSQL).
Gathering packets off the wire is done either using pcap
library (and promiscuous mode of the listening interface) or
reading Netflow packets coming from the network.
IPplan is a free (GPL), web based, multilingual, IP address management and
tracking tool written in php4, simplifying the administration of your IP
address space. IPplan goes beyond IP address management including DNS
administration, configuration file management, circuit management and
storing of hardware information. IPplan can handle a single network or
cater for multiple networks and customers with overlapping address space.
Pure-Python implementation of SNMP/SMI MIB parsing and conversion library
qKismet is a graphical Kismet client written in Qt. It aims to be a full-featured
client, which provides features allowing easy overview of Kismet output.
Currently it displays networks, clients, alerts and status messages and allows
sorting and filtering them.