SOLDIERX.COM Nobody Can Stop Information Insemination

A generic IP network transaction auditing tool
Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

fping is a ping(1) like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. Instead of trying one host until it timeouts or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable.
Unlike ping, fping is meant to be used in scripts and its output is easy to parse.

Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include:
* Asynchronous stateless TCP scanning with all variations of TCP Flags.
* Asynchronous stateless TCP banner grabbing
* Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
* Active and Passive remote OS, application, and component identification by analyzing responses.
* PCAP file logging and filtering
* Relational database output
* Custom module support
* Customized data-set views

Foundstone's enhanced netstat
Fport reports all open TCP/IP and UDP ports on the machine you run it on and shows what application opened each port. So it can be used to quickly identify unknown open ports and their associated applications. It only runs on Windows, but many UNIX systems now provided this information via netstat (try 'netstat -pan' on Linux). Here is a PDF-Format SANS article on using Fport and analyzing the results.

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

Keeps track of ethernet/IP address pairings and can detect certain monkey business
Arpwatch is the classic ARP man-in-the-middle attack detector from LBNL's Network Research Group. It syslogs activity and reports certain changes via email. Arpwatch uses LibPcap to listen for ARP packets on a local ethernet interface.

ike-scan is a command-line tool that uses the IKE protocol to discover, fingerprint and test IPsec VPN servers. It is available for Linux, Unix, MacOS and Windows under the GPL license.

Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features.
It is widely used by network administrators and just curious users around the world, including large and small enterprises, banks, and government agencies.
It runs on Linux, Windows, and Mac OS X, possibly supporting other platforms as well.

Advanced traceroute
Firewalk employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. This classic tool was rewritten from scratch in October 2002.