TaoSecurity: Tools Used in USENIX Day One Class

Monday, December 05, 2005

Tools Used in USENIX Day One Class

I'm teaching Network Security Monitoring in about 12 hours here at USENIX LISA 2005. If any of you attendees would like to try the tools in the slides, I'm posting links to their home pages. You can download them to your machines if you like!

IPCAD (net-mgmt/ipcad)

Trafshow (net/trafshow)

Tcpdstat (net/tcpdstat)

Fprobe (net-mgmt/fprobe)

Flow-tools (net-mgmt/flow-tools)

Argus (net-mgmt/argus)

Tcpreplay (net-mgmt/tcpreplay)

Tcpflow (net/tcpflow)

Ngrep (net/ngrep)

Flowgrep (net/flowgrep)

Netdude (net/netdude)

Tethereal (net/tethereal)

Snort (security/snort)

Here are the traces sf0.lpc and em0.lpc.

6 comments:

jose nazario said...: what? no matrixdump? :); 12:34 PM
Richard Bejtlich said...: Sorry Jose, Matrixdump is not in the ports tree. :) Just kidding -- neither is Sguil.; 10:03 AM
Johnny Foo said...: And what about Yersinia?; 1:24 PM
Richard Bejtlich said...: Yersenia isn't in the ports tree either! :) It's also not a NSM tool. It's an attack or testing tool.; 3:30 PM
Anonymous said...: I tried to download the traces sf0.lpc and em0.lpc. so that i could follow the book with the exemples, but the link says that the file does not exist.
So how can i download it ASAP?
thanks; 3:38 AM
Richard Bejtlich said...: http://www.taosecurity.com/tao_lpc.tar.gz; 7:28 AM