Tool Name : Nessus
URL : http://www.nessus.org
Debian Package Name : nessus

Description: Remote network security auditor, the client
The Nessus Security Scanner is a security auditing tool. It makes
possible to test security modules in an attempt to find vulnerable
spots that should be fixed.
.
It is made up of two parts: a server, and a client. The server/daemon,
nessusd, is in charge of the attacks, whereas the client, nessus,
interferes with the user through nice X11/GTK+ interface.
.
This package contains the GTK+ 1.2 client, which exists in other
forms and on other platforms, too.

-------------------------------------------------------------------------

Tool Name : Netcat
URL : http://www.l0pht.com/~weld/netcat/ (unofficial site)
Debian Package Name : netcat

Description: TCP/IP swiss army knife
A simple Unix utility which reads and writes data across network
connections using TCP or UDP protocol. It is designed to be a reliable
"back-end" tool that can be used directly or easily driven by other
programs and scripts. At the same time it is a feature-rich network
debugging and exploration tool, since it can create almost any kind of
connection you would need and has several interesting built-in
capabilities.

-------------------------------------------------------------------------

Tool Name : Tcpdump
URL : http://www.tcpdump.org
Debian Package Name : tcpdump

Description: A powerful tool for network monitoring and data acquisition
This program allows you to dump the traffic on a network. It can
be used to print out the headers of packets on a network interface
that matches a given expression. You can use this tool to track down
network problems, to detect "ping attacks" or to monitor the network
activities.

-------------------------------------------------------------------------

Tool Name : Snort
URL : http://www.snort.org
Debian Package Name : snort

Description: flexible packet sniffer/logger that detects attacks
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.

-------------------------------------------------------------------------

Tool Name : Ethereal
URL : http://ethereal.zing.org/
Debian Package Name : ethereal

Description: Network traffic analyzer
Ethereal is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. It uses GTK+, a graphical user interface
library, and libpcap, a packet capture and filtering library.

-------------------------------------------------------------------------

Tool Name : Abacus Portsentry
URL : http://www.psionic.com/abacus/portsentry/
Debian Package Name : portsentry

Description: Portscan detection daemon
PortSentry has the ability to detect portscans(including stealth scans) on
the network interfaces of your machine. Upon alarm it can block the attacker
via hosts.deny, dropped route or firewall rule. It is part of the Abacus
program suite.
.
Note: If you have no idea what a port/stealth scan is, I'd recommend to have
a look at http://www.psionic.com/abacus/portsentry/ before installing this
package. Otherwise you might easily block hosts you'd better not(e.g. your
NFS-server, name-server, ...).

-------------------------------------------------------------------------

Tool Name : Tripwire
URL : http://www.tripwire.com/ (COMMERCIAL)
Debian Package Name : tripwire

Description: A file and directory integrity checker.
Tripwire is a tool that aids system administrators and users in
monitoring a designated set of files for any changes. Used with
system files on a regular (e.g., daily) basis, Tripwire can notify
system administrators of corrupted or tampered files, so damage
control measures can be taken in a timely manner.

-------------------------------------------------------------------------

Tool Name : Sniffit
URL : http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
Debian Package Name : sniffit

Description: packet sniffer and monitoring tool
sniffit is a packet sniffer for TCP/UDP/ICMP packets.
sniffit is able to give you very detailed technical info
on these packets (SEC, ACK, TTL, Window, ...) but also
packet contents in different formats (hex or plain text,
etc. ).

-------------------------------------------------------------------------

Tool Name : SATAN
URL : http://www.fish.com/satan/
Debian Package Name : satan

Description: Security Auditing Tool for Analysing Networks
This is a powerful tool for analyzing networks for vulnerabilities
created for sysadmins that cannot keep a constant look at bugtraq,
rootshell and the like.

-------------------------------------------------------------------------

Tool Name : iptables
URL : http://netfilter.kernelnotes.org/
Debian Package Name : iptables

Description: IP packet filter administration for 2.4.X kernels
Iptables is used to set up, maintain, and inspect the
tables of IP packet filter rules in the Linux kernel.
The iptables tool also supports configuration of dynamic and static
network address translation.

-------------------------------------------------------------------------

Tool Name : John The Ripper
URL : http://www.openwall.com/john/
Debian Package Name : john

Description: An active password cracking tool
john, normally called john the ripper, is a tool to find
weak passwords of your users.

-------------------------------------------------------------------------

Tool Name : Hunt
URL : http://www.cri.cz/kra/index.html#HUNT
Debian Package Name : hunt

Description: Advanced packet sniffer and connection intrusion.
Hunt is a program for intruding into a connection, watching it and
resetting it.
.
Note that hunt is operating on Ethernet and is best used for connections
which can be watched through it. However, it is possible to do something
even for hosts on another segments or hosts that are on switched ports.

-------------------------------------------------------------------------

Tool Name : SSH
URL : http://www.ssh.com/commerce/index.html (some versions COMMERCIAL)
Debian Package Name : ssh

Description: Secure rlogin/rsh/rcp replacement (OpenSSH)
OpenSSH is derived from OpenBSD's version of ssh, which was in turn
derived from ssh code from before the time when ssh's license was
changed to be non-free.
Ssh (Secure Shell) is a program for logging into a remote machine
and for executing commands on a remote machine.
It provides secure encrypted communications between two untrusted
hosts over an insecure network. X11 connections and arbitrary TCP/IP
ports can also be forwarded over the secure channel.
It is intended as a replacement for rlogin, rsh and rcp, and can be
used to provide rdist, and rsync with a secure communication channel.

This software may be freely imported into the United States; however,
the United States Government may consider re-exporting it a criminal
offense. Thus, if you are outside the US, please retrieve this
software from outside the US.
In some countries, particularly Russia, Iraq, Pakistan, and France, it
may be illegal to use any encryption at all without a special permit.

-------------------------------------------------------------------------

Tool Name : tcp wrappers
URL : ftp://ftp.porcupine.org/pub/security/index.html
Debian Package Name : libwrap0

Description: Wietse Venema's TCP wrappers library
Wietse Venema's network logger, also known as TCPD or LOG_TCP.
.
These programs log the client host name of incoming telnet,
ftp, rsh, rlogin, finger etc. requests. Security options are:
access control per host, domain and/or service; detection of
host name spoofing or host address spoofing; booby traps to
implement an early-warning system.

-------------------------------------------------------------------------

Tool Name : Ntop
URL : http://www.ntop.org
Debian Package Name : ntop

Description: display network usage in top-like format
ntop is a Network Top program. It displays a summary of network usage by
machines on your network in a format reminicent of the unix top utility.
.
It can also be run in web mode, which allows the display to be browsed with
a web browser.

-------------------------------------------------------------------------

Tool Name : traceroute
URL : http://www.linux.com (or most other UNIX)
Debian Package Name : traceroute

Description: Traces the route taken by packets over a TCP/IP network.
The traceroute utility displays the route used by IP packets on their way to a
specified network (or Internet) host. Traceroute displays the IP number and
host name (if possible) of the machines along the route taken by the packets.
Traceroute is used as a network debugging tool. If you're having network
connectivity problems, traceroute will show you where the trouble is coming
from along the route.
.
Install traceroute if you need a tool for diagnosing network connectivity
problems.

-------------------------------------------------------------------------

Tool Name : telnet
URL : http://www.linux.com (or most other UNIX)
Debian Package Name : telnet

Description: The telnet client.
The telnet command is used for interactive communication with another host
using the TELNET protocol.

-------------------------------------------------------------------------

Tool Name : scanlogd
URL : http://www.openwall.com/scanlogd/
Debian Package Name : scanlogd

Description: A portscan detecting tool
Scanlogd is a daemon written by Solar Designer
to detect portscan attacks on your maschine.

-------------------------------------------------------------------------

Tool Name : logcheck
URL : http://www.psionic.com/abacus/logcheck/
Debian Package Name : logcheck

Description: Mails anomalies in the system logfiles to the administrator
Logcheck is part of the Abacus Project of security tools. It is a program
created to help in the processing of UNIX system logfiles generated by the
various Abacus Project tools, system daemons, Wietse Venema's TCP Wrapper
and Log Daemon packages, and the Firewall Toolkit© by Trusted Information
Systems Inc.(TIS).
.
Logcheck helps spot problems and security violations in your logfiles
automatically and will send the results to you in e-mail. This program is
free to use at any site. Please read the disclaimer before you use any of
this software.

-------------------------------------------------------------------------

Tool Name : Perl
URL : http://www.perl.org
Debian Package Name : perl

Description: Fake package used for a smooth upgrade
This package depends on perl-5.004. Perl-5.005 will conflict
with perl so that all dependencies on perl will have to have
vanished before perl-5.005 will be installed. The scripts and
non-binary modules have to depend on perl5 and the
binary modules on perl-5.005 (or whatever is the latest version
of perl available in Debian).
.
It does also contain the io provides/replaces/conflicts. This
has been removed from the perl-5.00X since io has disappeared
a long time ago.

-------------------------------------------------------------------------

Tool Name : Ngrep
URL : http://www.packetfactory.net/Projects/ngrep/
Debian Package Name : ngrep

Description: grep for network traffic
ngrep strives to provide most of GNU grep's common features,
applying them to the network layer. ngrep is a pcap-aware tool that
will allow you to specify extended regular expressions to match
against data payloads of packets. It currently recognizes TCP, UDP
and ICMP across Ethernet, PPP, SLIP and null interfaces, and
understands bpf filter logic in the same fashion as more common
packet sniffing tools, such as tcpdump and snoop.

-------------------------------------------------------------------------

Tool Name : Cheops
URL : http://www.marko.net/cheops/
Debian Package Name : cheops

Description: A GTK based network "swiss-army-knife"
Cheops gives a simple interface to most network utilities, maps local or remote networks and can show OS types of the machines on the network.

-------------------------------------------------------------------------

Tool Name : Libnet
URL : http://www.packetfactory.net/libnet/
Debian Package Name : libnet0-dev

Description: Routines for the construction and handling of network packets.
libnet provides a portable framework for low-level network packet writing and
handling.
.
Libnet features portable packet creation interfaces at the IP layer and link
layer, as well as a host of supplementary functionality. Still in it's
infancy however, the library is evolving quite a bit. Additional functionality
and stability are added with each release.
.
Using libnet, quick and simple packet assembly applications can be whipped up
with little effort. With a bit more time, more complex programs can be written
(Traceroute and ping were easily rewritten using libnet and libpcap).

-------------------------------------------------------------------------

Tool Name : LSOF
URL : ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
Debian Package Name : lsof-2.2

Description: List open files.
Lsof is a Unix-specific diagnostic tool. Its name stands
for LiSt Open Files, and it does just that. It lists
information about any files that are open by processes
current running on the system.
The binary is specific to kernel version 2.2

-------------------------------------------------------------------------

Tool Name : IPTraf
URL : http://cebu.mozcom.com/riker/iptraf/
Debian Package Name : iptraf

Description: Interactive Colorful IP LAN Monitor
IPTraf is an ncurses-based IP LAN monitor that generates
various network statistics including TCP info, UDP counts,
ICMP and OSPF information, Ethernet load info, node stats,
IP checksum errors, and others.
.
Note that since 2.0.0 IPTraf requires a kernel >= 2.2

-------------------------------------------------------------------------

Tool Name : Queso
URL : http://www.apostols.org/projectz/queso/
Debian Package Name : queso

Description: Guess the operating system of a remote machine
by looking in the TCP replies.

-------------------------------------------------------------------------