Network Monitoring

UTM security gateway for IT networks with threat management and connectivity

Red Hand Analyzer is an online tool that provides automated behavioral analysis of PCAP files to detect malicious network activities and security vulnerabilities without decrypting traffic content.

An open-source application firewall that monitors and controls network traffic with custom filtering rules and real-time visibility into application connections.

LogRhythm NetMon is a network traffic analytics tool that provides real-time visibility, automated threat detection, and investigation capabilities for organizational networks.

A Zeek-based protocol analyzer that parses GQUIC traffic to extract connection metadata and create fingerprints for detecting anomalous network behavior.

Apache Spot is an open source big data platform that analyzes network flows and packet data to identify security threats and provide visibility into enterprise computing environments.

ZAT is a Python package that processes and analyzes Zeek network security data using machine learning libraries like Pandas, scikit-learn, Kafka, and Spark.

Makes output from the tcpdump program easier to read and parse.

Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.

A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.

An open-source network security monitoring tool.

HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.

DET (extensible) Data Exfiltration Toolkit is a proof of concept tool for performing Data Exfiltration using multiple channels simultaneously.

BPF+ is a generalized packet filter framework that achieves both high-level expressiveness and good performance for network monitoring and intrusion detection applications.

A tool that reads IP packets from the network or a tcpdump save file and writes an ASCII summary of the packet data.

A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.

BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.

A command-line tool that allows SQL queries to be executed directly on PCAP files for network traffic analysis with support for multiple output formats.

Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.

A search engine for the Internet of Things (IoT) that discovers and monitors devices connected to the internet.

DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.

An open source DDoS protection system that uses distributed algorithms to defend against multi-vector attacks and scale to handle varying bandwidth requirements for network operators and service providers.

High-performance packet capture library with zero copy functionality.

An open source packet capture and forwarding tool that captures network packets on one machine and sends them to another for remote monitoring and analysis.