# Must Have - Networking and Security Tools For *BSD



## vivek (Aug 28, 2009)

What networking and security software do you use to diagnose network problems and solve security problems? Please share your handy tools...


1. nmap
2. tcpdump
3. snort
4. john the ripper
5. Scapy


----------



## SirDice (Aug 28, 2009)

Strictly speaking not software but

6. Your brain


----------



## dennylin93 (Aug 28, 2009)

Nessus can scan for vulnerabilities. Nikto is pretty much limited to HTTP though.


----------



## CodeBlock (Aug 28, 2009)

SirDice said:

> Strictly speaking not software but
> 
> 6. Your brain



I don't have one of those, and I've been getting along fine.

On a serious note, Wireshark helps quite a bit. For web dev, vim and Firefox's Firebug.


----------



## anomie (Aug 31, 2009)

For #1 I would say both nmap and nc(1). nmap is a far more flexible port scanner, but nc is part of the base system, and it offers some unique functionality (i.e. allowing you to set up pretend daemons for testing purposes). 

I think we should also add a HIDS to the list. In the past, security/aide has been my weapon of choice. The mtree(8) application also is a nice makeshift HIDS (as outlined by Dru in _BSD Hacks_).

There are also a couple other FreeBSD-specific security oriented tools and concepts that are essential IMO: 

- ports-mgmt/portaudit
- FreeBSD jails (well, this also exists conceptually in Solaris, Linux, et al.)
- some notable sysctl MIBs: esp. blackhole(4), security levels in init(8), and various other MIBs to tweak layer 4 communication
- chflags(1) (exists conceptually on other OSes and filesystems)


----------



## vivek (Sep 1, 2009)

@anomie,

Excellent, I always wondered about those two MIBs and never thought of looking at the man page - blackhole(4).


----------



## tangram (Sep 1, 2009)

anomie said:

> some notable sysctl MIBs: esp. blackhole(4), security levels in init(8), and various other MIBs to tweak layer 4 communication



Those blackhole sysctls are intriguing. However, reading the man I have one question: what's the difference between net.inet.tcp.blackhole 1 or 2?


----------



## tangram (Sep 1, 2009)

Never mind. Found the answer to my question. At '1' SYN packets arriving on a closed port will be dropped without a RST packet being sent back. With the value set as '2', all packets arriving on a closed port are dropped without an RST being sent back.


----------
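
Added example, not part of the thread: a small Python check an administrator can run from a second machine against their own FreeBSD host to confirm that the net.inet.tcp.blackhole setting described in the post above took effect on a port known to be closed. The function names `probe_port` and `blackhole_in_effect` and the 2-second timeout are choices made for this example.

```python
import socket
import sys


def probe_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify how `host` answers a TCP connection attempt on `port`.

    "open"    - handshake completed, something is listening
    "rst"     - connection refused: the SYN was answered with a RST,
                which is what a closed port does with blackhole=0
    "dropped" - nothing came back before the timeout: the SYN was silently
                discarded (blackhole=1 or 2, or a packet filter dropping it)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "rst"
    except (socket.timeout, TimeoutError):
        return "dropped"
    finally:
        sock.close()


def blackhole_in_effect(host: str, closed_port: int, timeout: float = 2.0) -> bool:
    """True if a port known to be closed gives no answer at all.

    A connect() only sends a SYN, so this cannot tell blackhole=1 from
    blackhole=2; the two differ only for non-SYN segments.
    """
    return probe_port(host, closed_port, timeout) == "dropped"


if __name__ == "__main__":
    # Usage: python3 probe.py <your-host> <port-with-no-listener>
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py HOST CLOSED_PORT")
    target, port = sys.argv[1], int(sys.argv[2])
    result = probe_port(target, port)
    print(f"{target}:{port} -> {result}")
    if result == "rst":
        print("closed port still answers with RST; blackhole is not active")
```

A "dropped" result can also come from ipfw or PF discarding the packet, so compare it with the output of `sysctl net.inet.tcp.blackhole` on the host itself.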



## phospher (Sep 10, 2009)

iperf and unicornscan.


----------



## Alt (Sep 10, 2009)

Networking and Security Tools... Hm....

0. ipfw / PF


----------



## lme@ (Sep 10, 2009)

net-mgmt/aircrack-ng


----------

