Must Have - Networking and Security Tools For *BSD

What networking and security software do you use to diagnose network problems and solve security problems? Please share your handy tools...

  1. nmap
  2. tcpdump
  3. snort
  4. john the ripper
  5. Scapy
SirDice said:
Strictly speaking not software but

6. Your brain

I don't have one of those, and I've been getting along fine, :p.

On a serious note, Wireshark helps quite a bit. For web dev, vim and Firefox's Firebug.
For #1 I would say both nmap and nc(1). nmap is a far more flexible port scanner, but nc is part of the base system, and it offers some unique functionality (i.e. allowing you to set up pretend daemons for testing purposes).

I think we should also add a HIDS to the list. In the past, security/aide has been my weapon of choice. The mtree(8) application is also a nice makeshift HIDS (as outlined by Dru in BSD Hacks).
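As an added example (not from the thread), here is the baseline-and-compare idea behind using mtree(8) or security/aide as a HIDS, written in portable Python so it runs anywhere; on FreeBSD the same workflow is `mtree -c -K sha256digest -p DIR > spec` to build the baseline and `mtree -p DIR -f spec` to check it. The directory layout and file names used with it are constructed.

```python
"""Makeshift HIDS in the spirit of mtree(8): record a baseline of a tree,
then report what deviates from it.  Example code, not from the thread.
Keep the baseline somewhere the monitored host cannot rewrite it
(read-only media or another machine), or an intruder can re-baseline."""
import hashlib
import stat
from pathlib import Path


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_spec(root):
    """Record mode, uid, gid, size and sha256 for each regular file under
    root, keyed by relative path, much like the entries in an mtree spec."""
    root = Path(root)
    spec = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue  # symlinks and directories are skipped in this toy
        st = p.lstat()
        spec[p.relative_to(root).as_posix()] = {
            "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid,
            "gid": st.st_gid,
            "size": st.st_size,
            "sha256": _sha256(p),
        }
    return spec


def compare_spec(baseline, current):
    """Return what an `mtree -f spec` run would flag: files missing from the
    live tree, extra files not in the baseline, and attribute changes."""
    report = {"missing": [], "extra": [], "changed": {}}
    report["missing"] = sorted(baseline.keys() - current.keys())
    report["extra"] = sorted(current.keys() - baseline.keys())
    for rel in baseline.keys() & current.keys():
        diff = {k: (baseline[rel][k], current[rel][k])
                for k in baseline[rel] if baseline[rel][k] != current[rel][k]}
        if diff:
            report["changed"][rel] = diff
    return report
```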

There are also a couple of other FreeBSD-specific security oriented tools and concepts that are essential IMO:

Excellent, I always wondered about those two MIBs and never thought of looking at the man page - blackhole(4).
anomie said:
  • some notable sysctl MIBs: esp. blackhole(4), security levels in init(8), and various other MIBs to tweak layer 4 communication

Those blackhole sysctls are intriguing. However, reading the man page I have one question: what's the difference between net.inet.tcp.blackhole 1 and 2?
Nevermind. Found the answer to my question. At '1' SYN packets arriving on a closed port will be dropped without a RST packet being sent back. With the value set as '2', all packets arriving on a closed port are dropped without an RST being sent back.