Open-Source Tools For Networking Security Monitoring

Network security management tools are the components across an IT environment that contribute to overall network security, typically centralized through dedicated security software.

Network security software gathers information from tools like firewalls, antivirus software, and intrusion prevention systems used in organizations to help ensure data security, connectivity, and productivity. In distributed environments, these tools are often synchronized using SIEM software for better governance and centralized monitoring.

By collecting and analyzing real-time event logs from these tools, admins can get an up-to-date overview of their IT environment. A major goal of using these tools is to make sure that unauthorized users, from former employees to external hackers, cannot gain access to the network.

Below is the essential list of open-source tools to test networking security monitoring:

  • ChopShop – Framework to aid analysts in the creation and execution of pynids-based decoders and detectors of APT tradecraft.
  • Maltrail – Malicious network traffic detection system.
  • Moloch – Augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access.
  • OwlH – Helps manage network IDS at scale by visualizing Suricata, Zeek, and Moloch life cycles.
  • Real Intelligence Threat Analysis (RITA) – Open source framework for network traffic analysis that ingests Zeek logs and detects beaconing, DNS tunneling, and more.
  • Respounder – Detects the presence of the Responder LLMNR/NBT-NS/MDNS poisoner on a network.
  • Snort – Widely-deployed, Free Software IPS capable of real-time packet analysis, traffic logging, and custom rule-based triggers.
  • SpoofSpotter – Catch spoofed NetBIOS Name Service (NBNS) responses and alert to an email or log file.
  • Stenographer – Full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes.
  • Suricata – Free, cross-platform, IDS/IPS with on- and off-line analysis modes and deep packet inspection capabilities that is also scriptable with Lua.
  • Tsunami – General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
  • VAST – Free and open-source network telemetry engine for data-driven security investigations.
  • Wireshark – Free and open-source packet analyzer useful for network troubleshooting or forensic netflow analysis.
  • Zeek – Powerful network analysis framework focused on security monitoring, formerly known as Bro.
  • netsniff-ng – Free and fast GNU/Linux networking toolkit with numerous utilities such as a connection tracking tool (flowtop), traffic generator (trafgen), and autonomous system (AS) trace route utility (astraceroute).