Keep the bad guys' success at breaking through some security defenses from turning into a full-blown network incursion. Nova helps confuse and confound attackers doing network reconnaissance by configuring many different fake virtual servers "running" on the network using Honeyd, and then uses a machine-learning traffic analyzer to monitor the honeypots.
Designed to find non-contiguous sections of the corporate network, Fierce Domain Scan helps to solve the problem of discovery when IP ranges aren't close to one another, thus making traditional scans against IP ranges ineffective for big portions of the network.
A versatile tool that can be used to conduct firewall testing, advanced port scanning and TCP/IP auditing, among other network testing tasks, Hping is a command-line TCP/IP packet assembler and analyzer with support for TCP, UDP, ICMP, and RAW-IP. Among its features, it includes a traceroute and the ability to send files between a covered channel.
A staple in many a veteran security professional's stable of tools, Wireshark is a network protocol analyzer that allows users to drill down deeply into network activity, across hundreds of protocols and many major platforms, including Windows, Linux, OS X, Solaris, FreeBSD, and NetBSD. With read/write into dozens of capture file formats and data browsing via a GUI or TTY-mode utility, it offers tons of flexibility on its own or tied into other security tools and distributions.
A go-to tool for detecting rogue wireless activity, Kismet is a wireless detector, sniffer and intrusion detection system for monitoring 802.11 traffic. Set up in a drone, server, client architecture, Kismet depends on a drone to passively collect packets from wireless access points and clients, send them to the server for analysis and then pass that data on to the client for display.
An effective arrow in the quiver of network security tools, Ettercap stands as a valuable network protocol analysis and security auditing tool. With features that allow for both active and passive analysis of a number of protocols, Ettercap makes it possible to intercept traffic on network segments, capture passwords, and actively eavesdrop.
A valuable component of a number of broader penetration testing suites like Kali Linux and BackTrack, Xplico provides network forensics analysis on data streamed from sniffer tools like Wireshark. The tool can extract and reconstruct communications content exchanged via protocols of all sorts, including those across VoIP, MSN, IRC, HTTP, IMAP, POP, SMTP, and FTP.
While this tool is clearly designed to help sell its developer's commercial line of security tools, it is nevertheless a good, free tool to spot check next-gen firewall, IPS, and UTM effectiveness against advanced evasion techniques that can bypass perimeter defenses.
No round-up of free network security tools would be complete without a nod to Nmap -- after all, you can't protect the network if you don't know what its architecture looks like. With dozens of ways to discover resources in spite of obstacles like IP filters, firewalls, and routers, Nmap is a go-to tool for developing network inventories, managing service upgrade schedules, monitoring host or service uptime, and even vulnerability management, particularly when used in conjunction with other tools like OpenVAS.
The Swiss army knife of free network defense tools, Network Security Toolkit (NST) takes the best-of-breed approach by bundling a whole bunch of utilities under one mantle, including Kismet, Snort, Wireshark, and Netflow.
Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.