Sniffer Detection

Scanhill project is a Microsoft Messenger Protocol Sniffer. Currently it can only intercept Instant Text Messaging. Optionally, intercepted text messages can be stored onto an RDMBS (Only mySQL is supported for now). Given that mySQL is used, stored instant messages can be read through a...

scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article (see below). Thus, unlike some of the other port scan detection tools out there, scanlogd is designed to be totally safe to use. This...

The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities.The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in...


Platforms: *nix

jNetStream is a protocol analyzer and a sniffer. A set of applications and complete Java library are provided with a comprehensive API. Hundreds of protocols have been defined, and the list can be expanded with a simple NPL language. It is appropriate for custom protocol development, grad...


Platforms: *nix

Pads (Passive Asset Detection System) is a signature-based detection engine used to passively detect network assets. Asset management is an important factor in information security. A good security administrator should keep track of all devices attached to the network. Even though active...


Platforms: *nix

EasyIDS software is an easy to install intrusion detection system configured for Snort. Based upon Patrick Harpers Snort installation guide and modeled after the trixbox installation cd, EasyIDS is designed for the network security beginner with minimal Linux experience. Whats New in This...


Platforms: *nix

Hogwash is an inline packet scrubber that uses Snorts detection engine to drop malicious packets before they reach the target. The original version of what is now hogwash was written in 1996 while I was at Idaho State University. I had a web server that when patched, broke the software it...


Platforms: *nix

pynids is a python wrapper for libnids, a Network Intrusion Detection System library offering sniffing, IP defragmentation, TCP stream reassembly and TCP port scan detection. Let your own python routines examine (or kill) network links. pynids is free software, licensed under the GPL. To...


Platforms: *nix

Vipuls Razor is a collaborative, distributed, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical...


Platforms: *nix

pcapsipdump is libpcap-based SIP sniffer with per-call sorting capabilities. It writes SIP/RTP sessions to disk in a same format, as "tcpdump -w", but one file per SIP session (even if there is thousands of concurrent SIP sessions).


Platforms: *nix

KOJAK (Kit for Objective Judgement and Knowledge-based Detection of Performance Bottlenecks) is a set of generic and interoperable tool components designed for the performance analysis of parallel applications. Their functionality addresses the entire analysis process including instrumentation,...


Platforms: *nix

pkdump is a port scanning detection tool. The program detect any TCP ,UDP port scanning or open connection attempt from foreign host over the internet with IP protocol version 4 or IP protocol version 6 . The program can detect: TCP connect , TCP syn , TCP fin , TCP xmas, TCP ack, TCP null(no...


Platforms: *nix

Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection. The most valuable feature of libnids is reliability. A number of tests were...


Platforms: *nix

ImSafe (Immune Security For your Enterprise) is a host-based intrusion detection tool. After a learning phase, it is able to detect changes in processes behavior, to detect buffer overflows, etc. It is implemented through a device driver (as a kernel patch) for the Linux kernel, but can also be...


Platforms: *nix

GstPUID is a GStreamer element that allows for fingerprint-based detection of music files using MusicDNS/MusicIP and Musicbrainz. It allows for detection of the tracks artist and title based on the audio data only. It works with any file format that is supported by GStreamer. GstPUID is...


Platforms: *nix

KMtraceViewer is a graphical user interface for the KMtrace leak detection program. KMtrace is part of the kdesdk package. Whats New in This Release: - fixed installation path of icons (for making them part of the package).


Platforms: *nix

passlogd is a purpose-built sniffer for capturing syslog messages in transit. This allows for backup logging to be performed on a machine with no open ports. Useful if your log server is compromised or you dont want to sift through a terabyte of sniffer logs. Passlogd is currently under...


Platforms: *nix

SID-IDS is a host intrusion detection system. Shell/PTY Intrusion Detection: Aims at detecting unwanted PTY action on UNIX systems. SID-IDS is a Host Intrusion Detection System. Consists of a kernel part and a user part. The kernel part plugs into terminal processing subsystem and logs hashed...


Platforms: *nix

Devialog is a behavior/anomaly-based syslog intrusion detection system which detectsattacks via anomalies in syslog. Present log-based IDS: Nearly all present log-based intrusion detection systems operate using a pre-defined known signature base, usually painstakingly created by hand. They...


Platforms: *nix

SIDEN is a distributed network discovery tool used for intrusion detection research. The current SIDEN architecture allows you to simulate coordinated/distributed network probes by a group of attackers. SIDEN has been tested successfully on the OpenBSD and FreeBSD operating systems. If you try...


Platforms: *nix