Network monitoring

AbuseHelper

AbuseHelper is a toolkit for CERT and Abuse teams. It is a modular, (hopefully) scalable and robust framework to help you in your abuse handling. With AbuseHelper you can retrieve Internet abuse handling related information from several sources. You can then aggregate that information based on different keys, such as AS numbers or country codes, and send out reports in different formats, via different transports and using different timings.

Argus (Audit Record Generation and Utilisation System)

Argus is a network monitoring system that can track the status and performance of transactions on the network it monitors. Information is recorded in a standard format; records can be analyzed after capture to measure performance or look for anomalies, including signs of intrusions or other unauthorised use.

Bogon Reference

A bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPNs or other tunnels) should never have a source address in a bogon range. These are commonly found as the source addresses of DDoS attacks. We have attempted to make the task of maintaining bogon filters simpler for network operators by providing a wide range of formats and methods through which you can receive this data, which are all updated on the same interval, and based on the authoritative sources of the data (the relevant RFCs, the IANA IPv4 allocation list, and RIR data). Changes in all of these sources are constantly monitored and quickly reflected within the documents we provide. Bogon tracking and alerting is currently available through HTTP, BGP Peering, Routing Registries (RADb and RIPE NCC) and DNS.

Ethereal

Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

NfSen / nfdump

NfSen is a graphical web based front end for the nfdump netflow tools. NfSen allows you to: display your netflow data (flows, packets and bytes) using RRD (Round Robin Database); easily navigate through the netflow data; process the netflow data within the specified time span; create history as well as continuous profiles; set alerts, based on various conditions; and write your own plugins to process netflow data on a regular interval.

Open Resolver Report

Regular reports of open resolvers within your BGP ASN or CIDR netblock, provided as a service by Team Cymru.

TC Console

TC Console is a web based user interface that improves the user's visibility of malicious activity on an organization's network. The data displayed is collected from Team Cymru's various sources around the world and pertains to each specific user's own network. The tool also provides a historical summary of malicious activity on the user's network, as well as a quantitative summary of data traffic on that network. It also enables collaboration among organizations so that users may provide each other with additional data beyond what is already presented to them by Team Cymru. The product is specifically for those responsible for network security involving routable IP space with corresponding autonomous system numbers, that is, those who can take action based on the insight it provides. TC Console is offered as a community effort. The richness and value of the data is made possible by contributions from the community in order to ultimately benefit the community. Therefore, those wishing to enjoy the benefits of TC Console should expect to contribute to further enhance the service.

tcpdump

tcpdump is a tool to dump traffic on a network. It prints out the headers of packets on a network interface. Packets can be selected according to a boolean expression.

Trafshow

TrafShow continuously displays information regarding packet traffic on the configured network interface that matches a given boolean expression. It periodically sorts and updates this information. This program may be useful for locating suspicious network traffic on the net or to evaluate current utilization of the network interface.

Wireshark

Wireshark (formerly known as Ethereal) is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source.
