Security Tools/Auditing

From ITS Wiki - Information Technology Services - University of Rhode Island

Wireshark

Wireshark Download
Wireshark is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

Snort

Snort Home Page
http://www.winsnort.com/files/file/7-windows-intrusion-detection-systems-64bit-core-software-support-pack/

Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. This is the software package that is used to gather information from the network.

SysTest

http://www.uri.edu/security/app/systest.bat
URI Homemade self-help .bat system auditing file.

Vision

Vision
Foundstone's Vision reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.

TCPView

TCP View for Windows
See all open TCP and UDP endpoints. On Windows NT, 2000 and XP, TCPView even displays the name of the process that owns each endpoint. Full source to the command-line version of this tool, netstatp, is included.

Big Brother

Big Brother Download
Big Brother monitors System and Network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging.