Bro - Network Security Monitor


Bro is a powerful network analysis framework that is quite different from the typical intrusion detection system you may know. Bro also provides a comprehensive platform for more general network traffic analysis.

Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and help with troubleshooting.

Bro comes with built-in functionality for a range of analysis and detection tasks, including extracting files from HTTP sessions, detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, validating SSL certificate chains, and much more.

http://www.bro.org




Related Projects

TCPDump - Network Packet Analyzer


TCPDump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture. It prints out a description of the contents of packets on a network interface that match the boolean expression. The Packet Capture library provides a high level interface to packet capture systems. All packets on the network, even those destined for other hosts, are accessible through this mechanism.

Snort


Snort is a libpcap-based sniffer/logger which can be used as a network intrusion detection and prevention system. It uses a rule-based detection language as well as various other detection mechanisms and is highly extensible.

ClearOS - Linux based Operating System


ClearOS is a powerful network and gateway server designed for small organizations and distributed environments. The open source revolution in the software industry has made it possible to provide ClearOS at no cost. Among other features, antivirus, antispam, VPN and content filtering are built right into the software -- no need for expensive third party add-ons. With ClearOS, you can avoid costly vendor lock-in and proprietary formats; instead, you can embrace open standards and protocols.

The libpcap project


libpcap is a system-independent interface for user-level packet capture. libpcap provides a portable framework for low-level network monitoring. Applications include network statistics collection, security monitoring, network debugging, etc.

ngrok - Introspected tunnels to localhost


ngrok is a reverse proxy that creates a secure tunnel from a public endpoint to a locally running web service. ngrok captures and analyzes all traffic over the tunnel for later inspection and replay. You can give this URL to anyone to allow them to try out a web site you're developing without doing any deployment.

another file integrity checker


Afick is a fast and portable intrusion detection and integrity monitoring system, designed to work on all platforms (it only needs Perl and standard modules), including Windows, Linux and Unix. The configuration syntax is very close to that of Tripwire/AIDE.

Asterisk - IP telephony communication product suitable for call centers


Asterisk converts an ordinary computer into a feature-rich voice communications server. Asterisk makes it simple to create and deploy a wide range of telephony applications and services, including IP PBXs, VoIP gateways, call center ACDs and IVR systems. It is maintained by the Debian VoIP Team.

Ganglia - scalable distributed monitoring system


Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and Grids. It is based on a hierarchical design targeted at federations of clusters. It leverages widely used technologies such as XML for data representation, XDR for compact, portable data transport, and RRDtool for data storage and visualization.

SendmailAnalyzer


Sendmail log Analyzer is a tool to monitor sendmail usage and generate HTML and graph reports. It reports all you ever wanted to know about email traffic on your network. You can also use it in an ISP environment with per-domain and per-mailbox reports.

JMeter - Load and Performance tester


JMeter is a pure Java desktop application designed to load test functional behavior and measure performance. It may be used to test performance on both static and dynamic resources (files, Servlets, Perl scripts, Java objects, databases and queries, FTP servers and more). It can be used to simulate a heavy load on a server, network or object to test its strength or to analyze overall performance under different load types.