
Sniffer-Ware


Snort and Base and Swatch on OS X Lion

I've installed the snort network intrusion prevention and detection system (IDS/IPS) on my OS X Lion Server along with BASE (web db interface) and Swatch (simple watchdog that emails alerts). Lion Server has moved to PostgreSQL as Apple's db choice, and this setup uses postgres for everything. I'm posting my notes here in case they're useful to others -- most of these notes are taken by copying what others have done and posted elsewhere, though there are many Lion-specific steps here. Please chime in with corrections and comments, especially about any security issues. Some relevant websites for background and hints (with focus on MySQL installations, other BSD implementations): I'm assuming you've installed Xcode and MacPorts for Lion.

    # Build snort
    # Do NOT use macports snort, but DO use snort's dependencies from macports
    $ sudo port install daq libdnet

Free online network tools - traceroute, nslookup, dig, whois lookup, ping - IPv6

TCPDUMP/LIBPCAP public repository

FrontPage

This is the wiki site for the Wireshark network protocol analyzer. If you are a member of the EditorGroup you can edit this wiki. To become an editor, create an account and send a request to wireshark-dev@wireshark.org which includes your wiki username. You can edit a page by pressing the link at the bottom of the page. See HowToEdit for details. If you want to try out wiki editing, you should use the WikiSandBox page.

Netsniff-ng - the packet sniffing beast

netsniff-ng

Netsniff-ng is a free Linux network analyzer and networking toolkit originally written by Daniel Borkmann. Its performance gain comes from zero-copy mechanisms for network packets (RX_RING, TX_RING),[2] so that the Linux kernel does not need to copy packets from kernel space to user space via system calls such as recvmsg().[3] libpcap, starting with release 1.0.0, also supports the zero-copy mechanism on Linux for capturing (RX_RING), so programs using libpcap also use that mechanism on Linux. Distribution-specific packages are available for all major operating system distributions such as Debian[7] or Fedora Linux. It has also been added to Xplico's Network Forensic Toolkit,[8] GRML Linux, SecurityOnion,[9] and to the Network Security Toolkit.[10] The netsniff-ng toolkit is also used in academia.[11][12]

Ngrep - network grep

ngrep

Ngrep (network grep) is a network packet analyzer written by Jordan Ritter.[2] It runs under the command line, and relies upon the pcap library and the GNU regex library. ngrep supports Berkeley Packet Filter (BPF) logic to select network sources, destinations or protocols, and also allows matching patterns or regular expressions in the data payload of packets using GNU grep syntax, showing packet data in a human-friendly way. Functionality: ngrep is similar to tcpdump, but it has the ability to look for a regular expression in the payload of the packet, and show the matching packets on a screen or console. It allows users to see all unencrypted traffic being passed over the network, by putting the network interface into promiscuous mode. ngrep can also be used to capture traffic on the wire and store pcap dump files, or to read files generated by other sniffer applications, like tcpdump or Wireshark. ngrep has various options or command line arguments.

EtherApe

EtherApe is a packet sniffer/network traffic monitoring tool, developed for Unix. EtherApe is free, open source software developed under the GNU General Public License. Functionality: Network traffic is displayed using a graphical interface. Each node represents a specific host. Links represent connections to hosts. History: Originally authored by Juan Toledo, the first version of EtherApe (version 0.0.1) was released on February 18, 2000. Features: Some of the features listed about EtherApe include (the following list refers to version 0.9.13 of EtherApe):

Tcptrace - Official Homepage

Tcptrace

Tcptrace can produce several different types of output containing information on each connection seen, such as elapsed time, bytes and segments sent and received, retransmissions, round trip times, window advertisements, throughput, and more. It can also produce a number of graphs for further analysis. As of version five, minimal UDP processing has been implemented in addition to the TCP capabilities.

Packetsquare

Functionality: PacketSquare-CapEdit works by editing protocol fields of the saved packet capture file and replaying. In addition to editing and replaying, it supports many features for extrapolation of captured traffic.

tcpdump

Tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license,[3] tcpdump is free software.

Cain & Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.