From toby.kohlenberg@intel.com Thu Oct 17 16:31:29 2002
Date: Thu, 2 May 2002 14:42:56 -0700 
Subject: traffic analysis products
From: "Kohlenberg, Toby" <toby.kohlenberg@intel.com>
To: "'dittrich@cac.washington.edu'" <dittrich@cac.washington.edu>

This is my list of traffic analysis tools. Most you know about, I suspect
but the ones
that you might find interesting and not have heard of are:
Q1 Labs & Narus, if you haven't checked them out, Lancope is cool, as is
NetIntercept.

If you'd pass along any other tools/products you find I'd appreciate it.

Traffic analysis tools 
captus networks <http://www.captusnetworks.com/captio.htm>
About Q1 Labs <http://www.q1labs.com/> 
TrafCNT <http://mita.pp.ru/projects/trafcnt/trafcnt.html> 
ifmonitor is a simple network interface traffic logger and grapher for linux
<http://ifmonitor.preteritoimperfeito.com/> 
Concord Performance Management Software: eHealth - Network
<http://www.concord.com/solutions/products/network.shtml> 
NARUS Internet Business Infrastructure Solutions <http://www.narus.com/> 
Lancope Products - Stealthwatch Overview
<http://www.lancope.com/products/index.htm> 
Sandstorm Enterprises - NetIntercept
<http://www.sandstorm.net/Products/NetIntercept/> 
NIKSUN - Non-intrusive network monitoring technologies
<http://www.niksun.com/> 
Internet Tool Summaries - CAIDA : TOOLS : taxonomy : measurement
<http://www.caida.org/tools/taxonomy/measurement/summaries.xml#xplot> 
Scripts for Summarizing TCP Connections
<http://ita.ee.lbl.gov/html/contrib/tcp-reduce.html> 
CyberGauge <http://www.neon.com/CyberGauge.html> 
Sec - free and platform independent event correlation tool
<http://kodu.neti.ee/~risto/sec/> 
IPAUDIT-WEB <http://ipaudit.sourceforge.net/ipaudit-web/index.html> 
IPAUDIT <http://ipaudit.sourceforge.net/> 
MRTG- Multi Router Traffic Grapher <http://www.mrtg.org> 
Silent Runner and Internet Privacy 06-15-2000
<http://www.siliconvalleyworld.com/news/internet/internet/netPrivacy06-15.sh
tm> 
Silent Runner <http://www.silentrunner.com> 
IPTraf - An IP Network Monitor <http://cebu.mozcom.com/riker/iptraf/> 
Shadow Sensor/OS
<http://www.whitehats.ca/screen/whitehatsca/members/members_home/seeker/shad
ow/shadow_IDS.html> 
CIDER (Shadow IDS) PROJECT <http://www.nswc.navy.mil/ISSEC/CID/> 
ntop - network top <http://www.ntop.org/ntop.html>


Toby Kohlenberg, CISSP, GCIA, GCIH
Information Security Analyst
503-456-2302  Office & Voicemail
877-497-1696  Pager
"Just because you're paranoid, doesn't mean they're not after you."

PGP Fingerprint:
92E2 E2FC BB8B 98CD 88FA  01A1 6E09 B5BA 9E84 9E70