New York, NY

The Network Security Toolbox

Wireshark (formerly Ethereal): the most powerful network sniffer and protocol analyzer; comes with a GUI and is also available for Windows
tcpdump: the ultimate network sniffer
ngrep: tcpdump + grep = ngrep
ping/traceroute/nslookup/telnet: the standard tools, available even on Windows; on Windows you'll find ping's -t option useful, and traceroute is named tracert
nmap: THE network scanner; it was even used in the movie "The Matrix" :)
hping2: lets you do a ping/traceroute with the packets you want (e.g. you think your ISP is blocking some P2P protocol by sending RST packets? go find out!)
a pre-compiled version for Windows XP SP2 is available from Darknet
netcat: the TCP/IP Swiss Army Knife
Paros: a great tool for web application security assessment; its "trap" feature allows you to modify HTTP requests and responses on the fly!
WebScarab: the Open Web Application Security Project's WebScarab works like Paros but is even more powerful! A real must-have for web application security assessment.
dig: the standard tool for querying DNS servers; for Windows you can find it in the binary distribution of BIND
Stunnel: the SSL wrapper
Cygwin: a Linux-like environment for Windows; it allows you to use tools such as:
- curl: do HTTP/HTTPS and FTP/FTPS requests your way
- wget: simple but effective way to automate your downloads
- whois: tool for searching WHOIS databases
- netcat (nc): the TCP/IP Swiss Army Knife
- OpenSSH: free implementation of SSH
- OpenSSL: free implementation of SSL/TLS
Nessus: the ultimate vulnerability scanner
Snort: the ultimate network intrusion detection system (NIDS)
AIDE: the Advanced Intrusion Detection Environment; even though it's a host-based intrusion detection system (HIDS), it's often your last line of defense against an intrusion into your network
GnuPG: an OpenPGP implementation; the following plugins integrate it with your mail user agent:
- GPGol: Outlook plugin
- Enigmail: plugin for Mozilla/Netscape and Thunderbird
dumpnet: a great backup tool I have written myself; it was tested on Windows/Cygwin, RedHat Fedora Core Linux, Novell/SUSE Linux, Debian GNU/Linux, FreeBSD, OpenBSD and Solaris
PuTTY: a great SSH client for Windows
Sam Spade: network query tool with a Windows GUI that integrates dig, whois, finger, traceroute, ping and others
SuperScan v3 & v4: network scanner with a GUI for Windows; I find versions 3 and 4 to be quite different but both very useful
VisualRoute: visual traceroute that will give you geographical information; for Windows only
Sysinternals Tools: the Windows netstat command is fine, but it's nothing against Sysinternals' TCPView; for Windows only
Sysinternals' tools not related to networking are exceptional too: Autoruns, Diskmon, Filemon, Portmon, Procexp, pstools, Regmon, RootkitRevealer, strings (the latter being more essential than exceptional)
Note: Sysinternals was acquired by Microsoft in July 2006.
UltraEdit: the best text editor for Windows; I don't go anywhere without it :)
VMware Workstation: there is a life before and after VMware; it allows you to virtualize hardware so that you can run almost any x86 operating system from within your regular OS. I run SUSE, Fedora, Debian, FreeBSD, OpenBSD, Solaris and Windows NT with it.
Unspecified Sniffers & Exploit Tools: to be better prepared for attacks against your network you will want to use the tools your enemies are using; as making these tools available is a criminal offence in Austria (see Convention on Cybercrime, Article 6), I cannot provide any links here :(

Additionally, the following URLs and mailing lists will prove very useful:

Common Vulnerabilities and Exposures (CVE)
X-Force, Internet Security Systems, Inc. (ISS)
SANS Institute
SANS Internet Storm Center
National Vulnerability Database (formerly known as I-CAT)
NIST Computer Security Resource Center (CSRC)
The CERT operated by the Carnegie Mellon University
United States Computer Emergency Readiness Team
Secunia Portal Website
The Cassandra Tool (provided by CERIAS at Purdue University)

Mailing Lists

BugTraq
Full-Disclosure
Secunia Security Advisories
SANS NewsBites
SANS @Risk: The Consensus Security Alert
US-CERT Technical Cyber Security Alerts
US-CERT Cyber Security Bulletins
Vulnwatch
NIST's Computer Security Publications