1. Packet Capturing and Analysing
- Tcpdump - Command-line packet sniffer
- Wireshark - Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source multi-platform network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tshark is included. One word of caution is that Wireshark has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).
2. TCP/UDP Tools
- TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
- Process Explorer displays details of your computer's running processes in a more visual representation than the standard Windows Task Manager.
- RINETD - Redirects TCP connections from one IP address and port to another.
3. Integrity Check
- Tripwire - It began as a simple tool for checking file and folder integrity. Tripwire now provides a complete solution that discovers every asset on an organization's network and delivers high-fidelity visibility and deep intelligence about these endpoints. Tripwire solutions also deliver actionable reports and alerts and enable the integration of endpoint intelligence into operational systems such as change management databases, ticketing systems, patch management and security solutions including SIEMs, malware detection and risk analytics.
4. Penetration Test Tools
- Metasploit - The world's most used penetration testing software.
- Nessus® is the industry’s most widely-deployed vulnerability, configuration, and compliance scanner.
- BackTrack - BackTrack is a free bootable Linux distribution that contains a plethora of open source tools that you can use for network security and penetration testing. The tools are organized into different categories such as ‘Information Gathering’, ‘Vulnerability Assessment’, ‘Exploitation Tools’, ‘Privilege Escalation’ and ‘Maintaining Access’, amongst others.
- Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
5. Proxy Software
6. Network Automation Tools
- NetMRI provides automatic network discovery, switch port management, network change automation, and continuous security policy and configuration compliance management for multi-vendor routers, switches, and other layer-2 and layer-3 network devices. NetMRI is the only platform that supports traditional and virtual network constructs (such as VRF) for multi-vendor network automation.
7. Security Intelligence
- Lancope, Inc. is a leading provider of network visibility and security intelligence to protect enterprises against today’s top threats.
- FireEye Network Security (NX) products, now available in modular 2- and 4-Gbps appliances, enable organizations to prevent, detect, and respond to network-based zero day exploit attempts, web drive-by downloads, and advanced malware that routinely bypass conventional signature-reliant defenses.
8. Security information and event management (SIEM)
- IBM® Security QRadar® SIEM consolidates log source event data from thousands of devices, endpoints and applications distributed throughout a network.
- Splunk is an industry-leading platform for machine data that automatically indexes all your log data, including structured, unstructured and complex multi-line application log data.
9. Encryption Tools
- TrueCrypt - A strong encryption utility that can encrypt entire volumes or create an encrypted container within a file system. On 28 May 2014 it was announced that this freeware project is no longer maintained.