IDABench

One of my very favorite tools is IDABench. IDABench is a packet auditing tool built around Perl and tcpdump (plus other libpcap-based tools), and it is based on Shadow. If you're familiar with Shadow, you know its basic function is to capture packets into hourly dump files and give you a Web-based interface to search those packets, along with a daily summary of source and destination addresses and ports. George Bakos, when he was at ISTS, the Institute for Security Technology Studies at Dartmouth, took Shadow and revamped it with Perl scripts that let you run ngrep, tethereal (now Wireshark's tshark) and p0f against the captures. What's even better is that IDABench is modular and can be extended to use just about any tool that can read pcap files. It runs on Linux under Apache and is a great tool for the intrusion analyst or team that looks at packets frequently.

It hasn't been maintained for a number of years, and as I searched for a download link, I found they all point back to ISTS and the page doesn't exist. That's a real shame; it's a very useful tool. If you're interested in trying it, let me know and I'll get the files to you...
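To show what the Shadow-style daily summary actually boils down to, here is a small Python stand-in I wrote for this post. It is an added example, not code from IDABench or Shadow: it parses a day's worth of hourly pcap dumps and tallies source addresses, destination addresses and destination ports, which is the core of Shadow's daily report. It assumes classic libpcap files (not pcapng) with an Ethernet link type, and the hourly layout it reads (`<base>/<YYYYMMDD>/<HH>.pcap`) is my own assumption rather than Shadow's real naming. The sample traffic at the bottom is constructed in-line so the script runs with no capture on hand.

```python
"""Stand-in for Shadow's daily summary: count source and destination addresses
and destination ports across a day's hourly pcap dumps.

Added example; not IDABench or Shadow code. Assumes classic libpcap files
(not pcapng) with Ethernet link type. The hourly layout used by summarize_day
(<base>/<YYYYMMDD>/<HH>.pcap) is an assumption, not Shadow's real layout.
"""
import struct
from collections import Counter
from pathlib import Path

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
ETHERTYPE_IPV4 = b"\x08\x00"


def pcap_records(data: bytes):
    """Yield (ts_sec, frame_bytes) from a classic pcap buffer, honouring its byte order."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:      # file was written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    off = 24                        # global header length
    while off + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def flow_tuple(frame: bytes):
    """Return (proto, src, sport, dst, dport) for IPv4 TCP/UDP over Ethernet, else None."""
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4    # IPv4 header length, options included
    proto = frame[23]
    l4 = 14 + ihl
    if proto not in (6, 17) or len(frame) < l4 + 4:
        return None
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    sport, dport = struct.unpack_from("!HH", frame, l4)
    return ("tcp" if proto == 6 else "udp", src, sport, dst, dport)


def summarize(blobs):
    """Tally sources, destinations and (proto, dport) over a sequence of pcap buffers."""
    srcs, dsts, dports = Counter(), Counter(), Counter()
    for blob in blobs:
        for _ts, frame in pcap_records(blob):
            flow = flow_tuple(frame)
            if flow is None:        # non-IPv4, ICMP, truncated: skipped
                continue
            proto, src, _sport, dst, dport = flow
            srcs[src] += 1
            dsts[dst] += 1
            dports[(proto, dport)] += 1
    return srcs, dsts, dports


def summarize_day(base, day):
    """Read every hourly file under <base>/<day>/ (assumed layout) and summarize it."""
    paths = sorted(Path(base, day).glob("*.pcap"))
    return summarize(p.read_bytes() for p in paths)


# --- constructed sample traffic (not a real capture) ------------------------

def make_frame(src, dst, proto, sport, dport):
    """Build a minimal Ethernet/IPv4/L4 frame; checksums are zero, which the parser ignores."""
    eth = b"\x00" * 12 + ETHERTYPE_IPV4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + struct.pack("!HH", sport, dport) + b"\x00" * 4


def build_pcap(frames):
    """Wrap (ts_sec, frame) pairs in a little-endian classic pcap container (linktype 1)."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    recs = b"".join(struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in frames)
    return hdr + recs


HOUR_00 = build_pcap([
    (0, make_frame("10.0.0.5", "192.0.2.10", 6, 40001, 22)),
    (1, make_frame("10.0.0.5", "192.0.2.10", 6, 40002, 22)),
])
HOUR_01 = build_pcap([
    (3600, make_frame("10.0.0.7", "192.0.2.10", 17, 5353, 53)),
    (3601, make_frame("10.0.0.5", "192.0.2.11", 6, 40003, 80)),
])

if __name__ == "__main__":
    srcs, dsts, dports = summarize([HOUR_00, HOUR_01])
    for label, counter in (("sources", srcs), ("destinations", dsts), ("dest ports", dports)):
        print(label)
        for key, n in counter.most_common(10):
            print(f"  {n:6d}  {key}")
```

Point `summarize_day("/var/log/shadow", "20240101")` at a directory of real hourly dumps and you get the same three counters; anything that reads pcap (tshark, ngrep, p0f) can then be pointed at the individual hourly files for the deeper look, which is the modular step IDABench wraps in Perl.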