Apple Broadband Tuner

Freeware

Current Version: 1.0 (November 29, 2005)

Apple Broadband Tuner is an official "patch" from Apple that tweaks selected network settings on Mac OS X 10.4 to increase the performance of FiOS-based high-speed Internet connections. From the Broadband Tuner home page:

"The Broadband Tuner allows you to take full advantage of very high speed FiOS based Internet connections that have a high latency. The installer tweaks some system parameters.

"There is an optional uninstaller that can be used to restore the settings that were in effect at the time just before the system parameters were changed.

"The installer increases the default values for the size of the TCP send and receive buffers. With larger buffers more data can be in transit at once. A startup configuration file is also updated so that these changes will persist across restarts.

"The system parameters are sysctl variables that are set as follows:

• net.inet.tcp.sendspace: 131072
• net.inet.tcp.recvspace: 358400
• kern.ipc.maxsockbuf: 512000

"This change has a system wide effect and is applied even if the network is not high speed connection with a high latency, with the exception of modem connections for which the system uses small default TCP buffer sizes."

Drew notes: This program, which is written as a series of Perl scripts, does its magic by writing to (or creating, if necessary) your /etc/sysctl.conf file.

Please note that this is for one very specific type of Internet connection (FiOS), and Apple has clarified this since releasing the software on 11/28/2005.

I'd prefer to see Apple release this as (part of) a Preference pane rather than a klunky installer/uninstaller package. I would imagine that Apple plans precisely this (or perhaps an automatic variant) for a future release of Mac OS X.

Berkeley Packet Monitor

Shareware; $6

Current Version: 1.5 (July 31, 2007)

Berkeley Packet Monitor is a Mac OS X network traffic monitoring and diagnostic utility. It uses the Berkeley Packet Filter devices built into the Mac OS X operating system to log and re-assemble all packets entering and exiting from a specific network interface. The software can be configured to log ICMP, TCP, and UDP packets and will allow you to view the raw data contained in each packet sent or received. If you like the program or use it frequently you may register your copy for $6 at http://www.kagi.com/.

Version 1.5 - the first release since December 2005 - adds/changes the following:

• Added a built-in "Help Book" with IP header informational references.
• Universal binary.

DoorStop X Firewall

Commercial; $49

Current Version: 2.3 (October 26, 2009)

Open Door Networks produces the DoorStop X software-based firewall, which works with the Who's There? Firewall Advisor software.

Version 2.3 adds/changes the following:

• Snow Leopard support. Version 2.3 of the products provides full Snow Leopard support, including details and advice regarding Snow Leopard-specific issues. Also bug fixes.
• iPhone support. Version 2.3 of the products includes information and advice specific to the iPhone and its integration with the Macintosh. The book, newly renamed to include "iPhone" in the title, now has a whole chapter devoted to the iPhone and iPod touch, plus iPhone details throughout.
• Twitter stream. Security issues change so quickly these days, sometimes a blog isn't even fast enough. So, with 2.3 we've added a Twitter stream too, and integrated it with the products through a new "News" menu. Look for real-time links to evolving Mac and iPhone Internet security issues here.
• Other enhancements. 2.3 products include a number of other enhancements, such as non-admin user support for the DoorStop X firewall, a much improved geo-location service for the Who's There? Firewall Advisor and information and advice on many new security issues.

Firewall Builder

Shareware; $79.00

Current Version: 2.1.19 (May 20, 2008) / 4.0.1 (June 4, 2010)

Firewall Builder is multi-platform firewall configuration and management tool. It consists of a GUI and set of policy compilers for various firewall platforms. Firewall Builder uses object-oriented approach, it helps administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations. Firewall Builder currently supports iptables, ipfilter, OpenBSD PF and Cisco PIX.

Being truly vendor-neutral, Firewall Builder can generate configuration file for any supported target firewall platform from the same policy created in its GUI. This provides for both consistent policy management solution for heterogeneous environments and possible migration path.

Version 4.0.0 added/changed the following:

• "Single rule compile"
• Changes and improvements in the GUI
• Password caching in built-in installer
• Customazable templates ("configlets")
• Changes in the structure of generated Linux firewall script
• Support for high availability firewall configurations
• Support for OpenWRT
• Branching rules in NAT
• Incremental management of IP addresses, VLAN, bridge and bonding interface configuration
• Built-in installer is much faster when working with Cisco routers and ASA (PIX) firewalls
• Using EEM for automatic rollback of the configuration changes with Cisco routers
• Automatic generation of "mirrored" rules for Cisco routers

Version 4.0.1 introduces a huge number of additional bugfixes, which are detailed in the online release notes.

The download packages work in evaluation mode for 30 days and can be unlocked with a license file. Please note: Mac OS X packages are built on Intel-based Mac running Leopard. The author has been having difficulties building universal packages with QT so these will not work on PowerPC Macs, so the old PowerPC version (2.1.19) remains available.

Flying Buttress

Shareware; $25

Current Version: 1.4 (January 2, 2006)

Please note: Flying Buttress was formerly known as BrickHouse.

From the Flying Buttress home page:

"Flying Buttress is designed to make using the network firewall built in to Mac OS X quick and easy. By using Flying Buttress to enable your computer's firewall, you can help prevent unauthorized villains from gaining access to your computer via your internet connection, and from performing network attacks.

"While Mac OS X is fairly secure as installed, it also includes a powerful network traffic filter or firewall that can both prevent break-in attempts and keep your computer from being used in attack on another computer. Unfortunately, the default installation leaves it wide open, and you must manually 'add rules' or filters using a command line tool called ipfw. You need to use Terminal.app to do this. My mom isn't going to be able to do this.

"That's where Flying Buttress comes in. Flying Buttress provides a simple and easy interface to setting and activating your firewall's filters. It also includes a firewall monitor window to allow you to see how often each filter is used. Filter settings can be saved and switched quickly, and imported and exported to and from disk. Settings can be created by knowledgeable users and admins, and distributed to others to disable specific or recently discovered attack techniques."

Version 1.4 adds/changes the following:

• Changed name to Flying Buttress.
• Fixed startup item issue under 10.3.9 or higher.

HenWen

Open source; $0

Current Version: 2.1.2 (June 21, 2005)

HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary. Features include:

• Includes a precompiled Snort binary for Mac OS X (minor change made to source, see the included Changed Source directory for details)
• Drag and drop installation (no installer or uninstaller necessary)
• Supports all major Snort preprocessor and output plugins
• Supports all Snort rules that are current at the time of this writing
• Supports configuring all current Snort rule variables
• Supports direct logging to MySQL databases
• Supports ODBC database logging (for PostgreSQL, Oracle, MS SQL Server, and more)
• Supports auto-blocking
• Can update Snort rules over the network
• Can set up Snort to run at system startup
• Supports modem and broadband network connections
• Runs on HFS+, UFS, AFP, and NFS volumes (SMB and other volume types should work as well, but they haven't been tested)
• Available in English, German, and Italian (in the same package)
• And more...

Version 2.1.2 adds/changes the following:

• Restored compatibility with Mac OS X 10.2.x.
• Fixed a problem which made it impossible to edit variables and rules under Mac OS X 10.4.x.
• The "Launch Snort as a startup item" menu item works again under Mac OS X 10.4.x.

Hostal

Shareware; $9.99

Current Version: 1.4.5 (January 13, 2009)

One of the questions I am asked most frequently is: "How do I set up a 'Hosts' file on my Macintosh?" Usually, I point people to Apple's reference pages (Mac OS X and Classic Mac OS) on the topic. However, the folks at Lazy Mountain Software have written a simple shareware application that allows much easier configuration of your machine's Hosts file, should you require one. Hostal supports both host mapping and host blocking, as well as "Time to Live" to prevent stale host mappings. For users on a network, Hostal detects an existing Hosts file and incorporates those settings as well. If manual configuration of your Hosts file gives you headaches, be sure to give Hostal a try. A Windows version is also available.

Version 1.4.5 makes undocumented changes from version 1.4.4; version 1.4 was the first "Universal Binary" release of Hostal, for native performance on both PowerPC- and Intel-based Macs.

HTTP Scoop

Commercial; £10

Current Version: 1.4.3 (November 16, 2009)

Tuffcode Limited produces HTTP Scoop, an HTML traffic analyzer/packet sniffer that makes it easy for developers and others to easily analyze client-server communication and diagnose scripts and web applications by observing the actual traffic running between the web browser and web server.

HTTP Scoop provides functionality similar to the network analysis tools included with Interarchy, but it is specifically dedicated to monitoring HTTP traffic (rather than all TCP/IP traffic), and includes specialized features (such as HTML and XML syntax highlighting) that are in tune with this philosophy. For example, while command line tools such as tcpflow, tcpdump, and ethereal perform similar functions, these tools do not fully decode all of the traffic that HTTP can deliver (such as GZIP content encoding).

Version 1.4.3 adds/changes the following:

• German localisation.
• Enter key shortcut now works on Snow Leopard to bring up detail window.
• Fix for bug where requests left hanging in 'Receiving' state even though complete (whilst TCP connections kept alive for 1xx, 204 and 304 response codes or HEAD requests).
• Fixed occasional failure to update hex view when a new packet selected in TCP/IP tab.

The demonstration version provides a fully-functional 14-day trial of the software.

InterMapper

Commercial; See text.

Current Version: 5.3.2 (July 20, 2010)

Dartware (the nucleus of which is comprised of former programmers from Dartmouth College) produces a heck of a lot of great Mac Internet software, and has some interesting commercial offerings. InterMapper is a an AppleTalk and IP network mapping and management tool that provides powerful Internet mapping and SNMP monitoring.

InterMapper is priced by the number of devices that you monitor. Every piece of network equipment (e.g., each router, switch, hub, etc) counts as a device. The total of the devices being monitored determines the license tier you will need. See the pricing page for more details.

Version 5.3 introduced a number of enhancements:

• Better performance when handling maps with many hidden interfaces: The way we handle maps with thousands or tens of thousands of interfaces has been revamped to be much faster and crisper. These maps used to take many minutes to open; they should now be nearly instantaneous, and they should be much more responsive once open.
• More powerful interfaces window: The interfaces window is now modeless, which means that you may have multiple such windows open at the same time, and that you may still work with your maps while the windows are open. In addition, the windows are updated at each polling interval so that the data is now live, rather than static. You can now acknowledge and unacknowledge interfaces and can toggle "Allow Periodic Reprobe" behavior from the interfaces window.
• Many behind-the-scenes improvements in exporting to the InterMapper Database and InterMapper DataCenter: We have made many behind-the-scenes changes to the way InterMapper exports data to the InterMapper Database to improve performance and reliability, especially to prevent the act of exporting from affecting the primary monitoring function of InterMapper. We have also made changes to InterMapper DataCenter to improve performance and reliability.
• Localization: InterMapper is now available in languages other than English. Please check with sales@dartware.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it to see what languages are currently supported. If translations other than English are available, InterMapper and InterMapper RemoteAccess preferences contain a Language Options panel from which you can choose the language you want to use in the user interface. In InterMapper Datacenter, the first-start wizard includes a locale chooser, with a corresponding chooser on the Settings page.

Version 5.3.2 is primarily a bugfix release.

InterMapper for Mac OS X requires Mac OS X 10.4 or newer. Any computer that can run Mac OS X will easily handle large maps. A minimum of 50 MBytes of disk space is required, although 1 GB or more will allow historical data to be stored. The Mac OS X InterMapper Remote application automatically selects the proper Java VM.

IP Monitor

Shareware; $5

Current Version: 1.3.2

IP Monitor is a very small application that displays your current IP address or subnet mask in a floating window, and allows you to easily copy either of these items to your clipboard for use in applications or documents where it is necessary to make this information known to others. It's AppleScript-able, and very handy. Version 1.3.2 implements access to the Remote Access control panel as well as support for menu sharing under Mac OS X.

IPNetShareX

Shareware; see site

Current Version: 1.0c5 (June 2, 2005)

IPNetShareX (formerly gNAT) is another useful piece of software from Sustainable Softworks, the folks who brought you IPNetMonitor, Tuner, Router and Sentry. From the gNAT home page: "gNAT is a small program designed to give users graphical access to Mac OS X's Network Address Translation (NAT) services without having to use the command line. NAT is a protocol used to share a single internet connection among multiple computers without requiring a dedicated hardware router. gNAT can be used as a Mac OS X alternative to the basic Internet sharing feature of IPNetRouter." Version 1.0c5 adds/changes the following:

• Fix load_install script to work properly on Tiger.

Use IPNetShareX Pro if you are a commercial organization and/or you may need technical support with this software. Use IPNetShareX if you will be using IPNetShareX in a non-commercial installation AND you will not require technical suppport. IPNetShareX Pro registration is $25.00 and can be immediately ordered online. IPNetShareX registration keys can be obtained at no charge as described in the included documentation. In both cases, you will need a registration key in order to continue running the software after the initial 21 day trial period. You just need to copy and paste the entire XML key file into the registration edit box and click the Accept button.

LFT and WhoB

Open source; $0

Current Version: 2.5 (August 24, 2005) / 3.1 (May 13, 2008)

From the LFT/WhoB home page:

"LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filter based firewalls. More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What makes LFT unique? Rather than launching UDP probes in an attempt to elicit ICMP "TTL exceeded" from hosts in the path, LFT accomplishes substantively the same effect using TCP SYN or FIN probes. Then, LFT listens for "TTL exceeded" messages, TCP RST (reset), and various other interesting heuristics from firewalls or other gateways in the path. LFT also distinguishes between TCP-based protocols (source and destination), which make its statistics slightly more realistic, and gives a savvy user the ability to trace protocol routes, not just layer-3 (IP) hops.

"WhoB is a no-frills whois client (see whois(1)) designed to provide everything a network engineer needs to know about a routed IP address by typing one line and reading one line. But even so, it's worth typing a few more lines because WhoB can do lots of other cool things for you! It can display the origin-ASN based on the global routing table at that time (according to Prefix WhoIs, RIPE NCC, or Cymru), the 'origin' ASN registered in the RADB (IRR), the netname and orgname, etc. By querying pWhoIs, WhoB can even show you all prefixes being announced by a specific Origin-ASN. WhoB performs the lookups quickly, the output is easily parsed by automated programs, and it's included as part of the Layer Four Traceroute (LFT) software package. LFT uses WhoB as a framework (and you can too, quite easily--see whois.h). Recent LFT releases (as of version 2.5) include WhoB functionality through a standalone "whob" client/command placed in the LFT binary directory."

Please note that these are command-line utilities for Mac OS X (in other words, they do not have a graphical user interface). This combo is one of only a few command-line utilities I include here on the Orchard, but those who need its functionality are likely to be comfortable with the OS X command line, making this (I hope) a non-issue.

Version 2.5 - the latest release available as an executable binary - added/changed the following:

• Inclusive of betas 2.32 to 2.4x
• Added -z option to pseudo-randomize source port
• Added behavior to automatically select the most appropriate interface based on routing (this was on the most wanted list)
• Improved OpenBSD compatibility (IP length nonzero)
• OpenBSD is now detected by autoconf (for configuring the above)
• Darwin is now detected by autoconf and its definition disables some BSD features to make it compatible with Mac OS X and Darwin
• LFT now indicates it has reached the target by printing a 'T' character in the status display (if status is enabled)
• Cleanups were made to the verbose output levels (-VVV)
• Significantly revamped whois framework makes it easy to include whois functionality into other programs
• Added -C and -R and -r options to force alternate ASN sources
• Default ASN source (-A) is now Prefix WhoIs (see pwhois.org)
• LFT now queries for ASNs in bulk format after completing a trace if pwhois (default), RIPE NCC RIS, or Cymru is selected
• Added dst/src port autoselection based on user-supplied hostname
• Vastly improved standalone whois client "whob" see whob.8 (whob manpage)
• Makefile now installs 'whob' no-frills whois client (try ./whob)
• "Smart" mode is now referred to as "Adaptive" mode (-E)

Version 3.1 - the latest release, but available only as source code - includes WhoB 2.0, and adds/changes the following:

• New configure options: --enable-gtod Forces LFT to use gettimeofday() on each packet instead of using the BPF timestamp. This is critical on platforms that have enabled 'fastts' or that do not have high-precision BPF timestamping. --enable-universal generates binaries including both PPC and Intel architecture (for users running Mac OS X/Darwin).
• Improved compatibility with NetBSD and Darwin/Mac OS X.
• Added autoconf support for NetBSD.
• Improved compatibility with older.
• Updated autoconf bits and pieces.
• By popular request, reversed the -g option of WhoB. WhoB now uses gigo mode by default unless -g is specified which turns ON its parser and enables the other various options.

Little Snitch

Shareware; $24.95

Current Version: 1.2.4 (January 29, 2007) / 2.2.4 (July 19, 2010)

Little Snitch is a "Trojan horse" detector for Mac OS X. Trojan horses are programs (or aspects of programs) that make network access behind your back to collect statistics about the use of your computer. Trojan horses can be detected by Little Snitch and prevented from transmitting such data. Some highlights:

• Prevents applications from "phoning home".
• Protects you from trojans, worms, and other network parasites.
• Shows which applications send information over the internet.
• Provides a higher level of security for the paranoid.

Version 2.2.4 - the latest version for Mac OS X 10.4 and later - adds/changes the following:

• Improved support of restoring from a backup system like Time Machine.
• Improved automatic IP address update of hostname based rules.
• The Connection Alert panel adjusts its size to fit long application names.

Version 1.2.4 remains available for Mac OS X 10.2 and Mac OS X 10.3.

Little Snitch functions as a 3-hour, time-limited demo prior to purchase, and quantity discounts are available.

MacSniffer

See text.

Current Version: 1.0b1

From the MacSniffer home page: MacSniffer is a front end to the built-in 'tcpdump' packet sniffer on Mac OS X. MacSniffer allows you to view all of the traffic on a network connection, such as ethernet. MacSniffer includes a filter editing interface and a filter library to easily construct and reuse packet filters to view a subset of all the traffic on the connection, such as just that destined for a specific host or port. You can choose the level of detail you want captured, from just the minimal packet headers (showing source and destination hosts and ports) up to a full hex and ASCII dump of the packet contents. MacSniffer can be useful for diagnosing many network problems, debugging client/server programs, and scanning for particular network exploits in real time." When released in final form, MacSniffer will be shareware, $15.

namebench

Open Source; $0

Current Version: 1.3.1 (June 7, 2010)

namebench is a free open source DNS benchmark utility from Google that searches for the fastest DNS servers available for your computer to use. It's a handy utility for people who find all too often that their Internt experience is marred by "looking up host" delays due to a less-than-responsive set of DNS nameservers.

The software runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized datasets in order to provide an individualized recommendation. namebench is completely free and does not modify your system in any way.

While no information is available regarding what's new in version 1.3.1 (presumably, it's a bugfix release), version 1.3 made the following enhancements:

• Ability to upload & share your results online
• Display DNS server versions and nodenames in the HTML output (mouseover)
• Graphical interface updated
• Fast/Slow toggle for health check speed
• New datasets available (updated Alexa, cache miss, cache hit, cache mix)
• Direct importation of pcap files generated by tcpdump and wireshark
• OARC port diversity checks included
• More consistent timeout settings
• Updated server listing
• Updated libraries (dnspython, jinja2)

Nessus

Commercial; see text

Current Version: 4.2.2 (April 16, 2010)

The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner. Nessus is currently rated among the top products of its type throughout the security industry and is endorsed by professional information security organizations such as the SANS Institute. It is estimated that the Nessus scanner is used by 75,000 organizations world-wide.

Features include:

• Up-to-date security vulnerability database - Nessus mostly focuses on the developement of security checks for recent security holes. Its security checks database is updated on a daily basis, and all the newest security checks are available here and can be retrieved with the command nessus-update-plugins. An RSS feed of all the newest security checks allows you to monitor which plugins are added and when.
• Remote AND local security - Traditional network security scanners tend to focus on the services listening on the network - and only on these. Now that viruses and worms are propagating thanks to flaws in mail clients or web browsers, this conception of security is getting outdated. Nessus has the ability to detect not only the remote flaws of the hosts on your network, but their local flaws and missing patches as well - whether they are running Windows, Mac OS X or a Unix-like system.
• Extremely scalable - Nessus has been built so that it can easily scale down to a single CPU computer with low memory to a quad-CPUs monster with gigabytes of RAM. The more power you give to Nessus, the quicker it will scan your network.
• Plug-ins - Each security test is written as an external plugin, written in NASL (see below). This means that updating Nessus does not involve downloading untrusted binaries from the internet. Each NASL plugin can be read and modified, to better understand the results of a Nessus report.
• NASL - The Nessus Security Scanner includes NASL (Nessus Attack Scripting Language), a language designed to write security test easily and quickly. NASL plugins run in a contained environment on top of a virtual machine, thus making Nessus an extremely secure scanner.

Nessus for Mac OS X is not just a port of the Unix server to the Mac environment; it also bundles a native interface to manage the server and the client. The Mac OS X Nessus Client sports the following features:

• Session-based - A 'session' is a set of targets, policies and results. A session may contain multiple scan results
• File-based - Each session is stored as a unique file on disk. This file can then be easily moved around to another host by email, ftp, etc.
• Multiple scans in parallel - You can create multiple sessions in parallel (File | New) and each session can perform a scan
• Real-time results - The results can be viewed and worked on in real time
• Universal Binary - Nessus for Mac OS X natively runs on PPC and Intel CPUs

Nessus 4.2.2 makes the following changes:

• Nessus-fetch: Proxy issues have been resolved
• NASL: Fixed a memory leak in the NASL xmlparse() function
• Networking: Fixed IPv6 routing when talking to a remote host (FreeBSD, Mac OS X)
• Networking: Packet forgery was not always working on ES5 64 bits
• Packaging: Fixed the Debian /etc/rc init script
• Packaging: Upgraded OpenSSL to version 0.9.8n (Windows, Solaris)
• Stability: Fixed a possible crash when using a badly written custom plugin
• Stability: Fixed a possible crash when running out of BPFs on Windows

The detailed change log has more information.

The Nessus software itself is free, and 7-day delayed access to vulnerability checks is also available for free to all registered users. "Instant" access to these vulnerability checks - as well as full commercial support - is available under a $1,200 annual subscription agreement. See the Nessus registration page for further details.

Net-SNMP

Open source; $0

Current Version: Binary: 5.0.2 (July 19, 2002) / Source: 5.5 (September 29, 2009)

Note: As of October, 2003, Dartware suspended its efforts to produce a Mac OS X specific version of Net-SNMP. The changes Dartware made to versions 4.2.3 and later to make it work on Mac OS X were incorporated in the production build. The sources on the net-snmp project page now build without problem on Mac OS X. They are available from http://sourceforge.net/project/showfiles.php?group_id=12694.

Net-SNMP for Mac OS X is a Mac OS X version of the open source net-snmp software that makes statistics about a computer available via SNMP. A detailed description of the net-snmp project along with a FAQ and other documentation can be found at the SourceForge site, http://net-snmp.sourceforge.net/. The net-snmp software in this distribution includes an extensible agent, an SNMP library, snmpget, snmpset, snmpwalk and other tools to set or request information from SNMP agents, and tools to generate or handle SNMP traps. The following MIBS are supported in part or in their entirety:

• MIB-II General network statistics (RFC 1213)
• UCD agent extensions (processes, disks, memory, load average, shell commands, error handling)
• Host Resources (RFC 1514) "initial implementation"
• SNMPv3 MIBs (RFCs 2571-6)

Net-SNMP is released as open-source freeware. net-snmp 5.0 was a significant rewrite and provided many new features, such as allowing Perl scripts to create responses to SNMP queries. The Mac version hasn't seen an official "build" since 2002, but the latest source code is available, and includes instructions for compiling and using under Mac OS X.

NetBarrier

Commercial; $69.95

Current Version: "X5" (10.5.6) (December 11, 2009)

Intego, Inc. produces the NetBarrier personal firewall software. Users of version 2.0 or later may update their software by using its built-in update function; users of earlier releases may purchase an upgrade. The "Classic" Mac OS version is no longer available for purchase, although updaters are still available for download (see below).

Features include:

• Controls incoming TCP/IP traffic and data
• Controls outgoing TCP/IP traffic and data
• Offers preset or customized security rules
• Protects against Trojan Horses
• Protection against vandal programs
• Blocks selected applications
• Alerts you when applications connect to the Internet
• Audits vandal alerts
• Protects against intrusions
• Offers a choice of defense policies
• Detects wrong passwords
• Protects against network attacks
• Protects against ping of death
• Protects against ping flooding
• Protects against SYN flooding
• Protects against port scans
• Stops unknown packets
• Controls system resources
• Provides TCP sequence scrambling
• Helps control cookies
• Offers individual cookie control
• Deletes cache and history files
• Blocks ad banners
• Hides the last web site visited
• Hides browser and platform information
• Safeguards personal information
• Filters TCP/IP & AppleTalk stacks
• Protects against data thieves, hostile java applets, hostile plug-ins

Version 10.5.6 introduces the following new features:

• This update improves Mac OS X 10.6 Snow Leopard compatibility and addresses a number of other minor issues. This update is recommended for all NetBarrier X5 users.

Net Monitor

Shareware; $10

Current Version: 3.9.5 (December 24, 2005) / 4.5.2 (February 8, 2010)

Net Monitor is an inexpensive shareware application written for Mac OS X (10.1 or later) that graphs network interface throughput in a floating window, the Dock or the Menu Bar. Very simple! As of version 2, the software incorporated the functionality of the previously-separate PPP Monitor application by the same author.

Version 4.5.2 - available for Mac OS X 10.4 and later only - makes the following changes from the previous release (3.9.5 is still available for older Macs):

• PPP - The system's user/password dialog box is no longer displayed when connection is initiated by the program, unless this option is selected in the preferences.

Net Tool Box

Sharware; £20

Current Version: 3.1 (July 18, 2005)

Net Tool Box is a full set of networking tools for network administrators, software developers and enthusiasts. It can perform all sorts of tasks, from simple DNS resolution to full-blown host interrogation. You can graphically map the location of an IP address, you can traceroute to almost any computer on the Internet, and you can use the terminals to perform protocol analysis and development. Version 3.1 features the following enhancements:

• [NEW] Rewrote Ping, Ping Scan and Traceroute to work fully x-platform. Windows 98/ME Note: Requires WinSock 2.
• [NEW] Added a contextual menu (right-click/ctrl-click) for IP addresses. You can now bring up a menu on practically any IP address shown throughout Net Tool Box providing information and options.
• [NEW] Added preferences option to remember tool presets. This will retain things like timeouts and port ranges betweeen sessions. Also added 'Reset' button in preferences to revert these presets to their defaults.
• [NEW] Added an 'out-of-date' warning to Mapper on first run. Caida's NetGeo database, which Mapper uses to retrieve network loactions, is no-longer maintained.
• [CHG] Removed Authorize facility to save a lot of headaches. You can authorise manually still if you'd like. See the FAQ for more info.
• [CHG] Updated About Box credits.
• [CHG] Windows: The toolbar is now de-mac-ified. No more aqua stripes and aqua buttons.
• [CHG] Changed the favorites popup menu to look better x-platform.
• [CHG] Re-named Rendezvous to 'Bonjour' to comply with Apple's fantastically sensible name-change!
• [CHG] Changed some toolbar icons. VPN interfaces now have an icon in the interfaces window.
• [CHG] The "Show WAN Address in Toolbar" option now gets it's IP from the version-checker routine. This means "Show WAN Address" will only work if version checking is enabled. The preferences window has been modified to reflect this change.
• [FIX] Using keyboard shortcuts for opening Favourites and Preferences windows on OS X no longer shows the application switcher.
• [FIX] Windows: ARP Table and Netstat are now working.
• [FIX] Fixed typos on Network Statistics window and Port Updater window.
• [FIX] "Favorites" is now spelled correctly.
• [FIX] Mac: ARP Table MAC addresses are now formatted correctly.
• [FIX] Windows: Console-output in terminals and whois now respect the fixed-width font set in the preferences.
• [FIX] Statistics Window: Now formats bytes correctly as MB, GB etc.
• [FIX] Netstat now works on Mac OS X 10.4, Tiger. Unfortunately, Apple have removed the tool used to relate sockets to processes, so for 10.4 and above, the 'Process' column is not available. Hopefully I can find a workaround, to bring the functionality back in the future.

Net Tool Box is a shareware application, approx $35 (£20). It has a 5 minute session timeout, a 3 map-per-session limit and one minute timeouts on NetStat, TrafficWatcher and Packet Watcher sessions. Also, Traffic Watcher can only listen on port 80 (Web) in demo mode.

NoobProof

Open source; $0

Current Version: 1.4 (July 20, 2009)

NoobProof (from the authors of WaterRoof) is a free IPFW firewall front end for Mac OS X 10.4 and 10.5 that is designed to be simpler than WaterRoof (requiring only 5 steps to configure).

Version 1.4 adds/changes the following:

• New more flexible Injector
• Wizard configuration
• Block outgoing connections to specific hosts or ips
• Much more friendly default configuration

A WaterRoof / NoobProof comparison can help you make a decision about which of these free firewall configuration tools is right for you.

Norton Personal Firewall

Commercial; $49.95

Current Version: 3.0.3

Symantec Corporation produces Norton Personal Firewall for Mac OS 9 and Mac OS X, a software-based firewall product that is based upon Open Door Networks' DoorStop Personal Firewall.

ntop

Open source; $0

Current Version: 4.0 (July 22, 2010)

ntop is a free, open source network traffic probe that shows the network usage, similar to what the popular "top" command in UNIX. ntop is based on libpcap. ntop comes with two applications:

• the 'classical' ntop that sports an embedded web server
• intop (interactive ntop) is basically a network shell based on the ntop engine.

ntop users can use a a web browser to navigate through ntop (which acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of a web interface; limited configuration and administration via the web interface; and reduced CPU and memory usage make ntop easy to use and suitable for monitoring various kind of networks.

Version 4.0 - the latest source code release of the software - adds/changes the following:

• Partially rewritten ntop processing engine to address reliability and performance
• Several bugs and stability issues fixed
• Added better support for IPFIX and NetFlow v9, as well as ntop PEN (Private Enterprise Number)
• Added support for Cisco ASA firewalls
• Added ntop engine scriptability via the python programming language
• Added RRDalarm plugin for generating alerts based on thresholds
• Improved google maps integration
• Enhanced sFlow support

OTTool

Freeware

Current Version: 1.2.1

OTTool is a free utility from Neon Software which provides a synopsis of the AppleTalk and IP configuration parameters within Apple Computer's Open Transport networking architecture. In addition, OTTool allows users on IP networks to make Domain Name Server (DNS) queries, ping devices using ICMP Pings, trace IP routes (UNIX traceroute), scan through ranges of IP addresses asking for resolutions, and to query a DNS for Mail Exchange and System Info. Version 1.2.1 fixed a compatibility issue with OS X 10.1 and added more user interface improvements for OS X 10.1.

PacketStream

Shareware; $24.95

Current Version: 3.3 (May 26, 2010)

From the PacketStream home page: "PacketStream provides point-and-click activation of the Mac's built-in network monitoring program, which is usually available only from the command line. By clicking a few buttons, you can monitor data as it streams over your network--especially useful for checking web traffic, network bottlenecks, or even suspicious network activity. All network data is displayed in the application itself, and you can save the data to a file for further analysis later."

Version 3.3 adds/changes the following:

• Now supports AppleScript and Services.
• Status icon changes during network scan.
• Now supports Keychain integration for password.
• Improved status messages in the main window.
• Can now show contents of packet data in main window.

The download is a 30-day demo; you can purchase a license to use the program past the 30-day trial period. Mac OS X 10.4 is the minimum supported platform.

Paros

Open source; $0

Current Version: 3.2.13 (August 8, 2006)

Paros is an essential tool for all web application developers and web site security auditors. It is a Java-based HTTP/HTTPS proxy for assessing web application vulnerability, supporting editing/viewing HTTP messages on-the-fly. Features include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections, and more.

Version 3.2.13 adds/changes the following:

• New: skipping designated URL in spider. Use options to set the spider.
• New: auto update menu and periodic check for update (Windows and Linux platform only).
• Fix: the use of new external library caused slower performance of proxy. Restored to older library.

See the installation instructions for more information.

sunShield

Shareware; $29.95

Current Version: 2.0.3 'L' Pro (November 12, 2007)

sunShield is a preference pane that manages the built-in firewall in Mac OS X (which makes it similar to Flying Butttress / BrickHouse, except that Flying Butttress is a standalone application).

Core features include:

• PPC and Intel ready
• Supports IPFW2, shipped with Tiger.
• Use advanced actions, and advanced protocol options.
• Easily turn firewall ON / OFF
• Create all kind of basic or dynamic rules.
• Lets you also create rule manually, from sunShield's interface.
• Review dynamic rules, time left and parent rule.
• Enforce rules based on user sending packet.
• Enable or disable logging, system wise.
• Live logs, in sunShield, lets you use ToolRules (sniffing, debugging...)
• Export rule base to an rc.firewall script, handy to deploy IPFW configuration on BSD compatible systems.
• Re-order rules with simple drag and drop.
• Edit rules with a double click on them, right click them to edit as new rule
• Automatically save and restore rules across reboots.

Apart from being released natively for Intel- and PowerPC-based Macs, version 2.0 Pro adds/changes the following:

• Edit (and replace) or Edit as a new rule.
• Import and export a whole ruleset from one file, in one click.
• Enhanced template support.
• New interface, bringing better feel when using the pane.
• New key protocol in order to support demo version. (2.0.2)
• Two glitches fixed in French interface. (2.0.2)
• Added: Refresh button on Logging window. (2.0.3)
• Fixed: Edit as new rule broken. (2.0.3)
• Fixed: Debug output logged on dynamic rules, even when debug output disabled. (2.0.3)
• Fixed: A bug introduced with Leopard's build 9a581. The bug is not in Leopard, but in the way sunShield Pro tries to read some system data. (2.0.3 'L')

throttled

Open source; $0

Current Version: 0.5.1 (February 5, 2009)

throttled is a free, open-source bandwidth shaping application for Mac OS X, FreeBSD, and Linux that allows you to put a cap on your upstream bandwidth and keep your download speeds high even when your server is sending out at full speed. Features include:

• Allows you to set either a global throttle for all your applications, or multiple throttles with different speeds to guarantee all your servers a certain bandwidth.
• Allows you to setup priority queues for your network data to guarantee low-latency ssh, telnet, etc connections on your server.
• Prioritizes TCP ACK packets to allow consistant bandwidth in both directions even under heavy server load.
• Flag for allowing you to throttle local network addresses 192.168.x.x and 10.x.x.x. (By default, only Internet-bound traffic is throttled)
• It uses almost no resources. CPU usage is around 0 - 2% and it uses less than 500k of RAM.
• Source code is freely available, and released under the GPL. Please read the COPYING file in the distribution.

Version 0.5.1 adds/changes the following:

• This new release provides skipto rules for Bonjour and 10.x.x.x networks which should fix LAN capping issues reported by some users.

Throttled Pro

Shareware; $20

Current Version: 1.5.1 (February 5, 2009)

ThrottledPro is an enhanced, graphical version of the free command-line-driven throttled software. Like its free sibling, it provides bandwidth shaping for Mac OS X that allows you to put a cap on your upstream bandwidth and keep your download speeds high even when your server is sending out at full speed. Features include:

• Throttled Pro will provide capping services to all machines connected to you through Apple's built in Internet Connection Sharing.
• Throttled Pro works with Apple's built in firewall. In order to configure the firewall you will need to stop Throttled Pro. After the firewall is configured, turn on Throttled Pro and everything will work just fine.
• Throttled Pro supports BitTorrent and FTP using the configuration panel. If you use the ports configuration and have "Enable Catch All Rule" checked, then this will work as well.
• You can setup as many services as you want in Throttled Pro.

Version 1.5.1 adds/changes the following:

• Updated to use throttled-0.5.1 which fixes LAN capping issues experienced by some users. We now make sure 192.168.x.x, 10.x.x.x, and Bonjour networks are not throttled.

VisualRoute

Commercial; see text

Current Version: 14.0d (June 30, 2010)

Visualware Inc. produces VisualRoute, a remarkably nice Java-based ping, whois, and traceroute program that automatically analyzes connectivity problems, displaying the results graphically on a world map. When configured as a server, VisualRoute provides visual traceroute services to web browser clients.

Version 14 ("2010") introduced the following new features:

• New agent creation procedure (both web & client) - The remote agent creation procedure that allows you to run a traceroute from anywhere in the world to your VisualRoute server has been vastly improved to make it easier to setup and manage.
• Improved update efficiency - the way the GUI updates and processes during a traceroute has been greatly improved to enhance usability and understanding.
• Analysis Information - this feature is essentially a history search allowing you to grab any results from either a traceroute or ping plot for a particular IP/host name.
• Traceroute Ping Plot - a new feature that plots the response times for every hop in a particular traceroute. More information.
• New user interface.

Version 14.0d makes the following additional changes:

• eMail address tracing re-added

Pricing ranges from $49.95 for the "Personal" Edition to $395 for the "SupportPro" Edition. The online purchase page has more details. All Mac users can try the free online version. Highly recommended.

WaterRoof

Open source; $0

Current Version: 2.2 (September 8, 2009) / 3.0 (January 28, 2010)

WaterRoof (from the authors of NoobProof) is a free IPFW firewall front end for Mac OS X with a easy interface and many options. Features include dynamic rules, bandwidth management, NAT configuration and port redirection, pre-defined rule sets and a wizard for easy configuration. You can also watch logs and graphic statistics. Rules configurations and network options can be saved and optionally activated at boot time.

A WaterRoof / NoobProof comparison can help you make a decision about which of these free firewall configuration tools is right for you.

Version 3.0 adds/changes the following:

• New interface
• Two ways to add a new rule: advanced mode and simplified mode with rules translator
• Ipfw/nat deployment with Injectors
• Import NoobProof Injector's ipfw configuration
• New quick reference guide
• Compatibility with Mac OS X Server 10.5

WEP Key Maker

Freeware

Current Version: 1.1

If you're looking into creating a wireless network for your Macintosh, here's a dirty little secret that will save you a great deal of money: Apple's AirPort base station isn't the only wireless access point (WAP) device that AirPort-card-equipped Macintoshes work with. There are many fine 802.11b WAPs available for half the cost of the AirPort base station, and your Mac will work just fine with them, right out of their boxes. You'll find, however, that these devices - by default - come with Wired Equivalent Privacy (WEP) disabled, meaning that data sent between your computer and WAP will be sent in the clear over the airwaves, offering little to no protection from intruders who know how to decipher these signals.

If you want to enable your wireless access point's 40 or 128 bit encryption, you'll probably find an area in its configuration screens that asks you to enter in a series of hexadecimal numbers called a "key." These WEP keys are used by the algorithm that your hardware employs to encrypt your wireless data. They are typically generated by a piece of software. WEP Key Maker is such a piece of software. Download it, enter in some text that tickles your fancy (called a "pass phrase"), and it will generate a 40 bit or 128 bit key you can enter into your WAP's configuration screen.

Once you do this and reboot your WAP, however, you'll note that the next time you try to access your wireless network from your Macintosh, you'll be prompted by the AirPort software to enter a password. Type a dollar sign ($) into the AirPort password field, and then type in (or paste, if you can) the key that WEP Key Maker generated for you, making sure to store this lengthy string of characters in your OS 9 or OS X "keychain" by clicking the corresponding checkbox. Click "OK," and you'll have rejoined your wireless network with encryption fully-enabled.

Apple's AirPort base station makes it unnecessary for end users to deal directly with WEP keys by using a proprietary algorithm to convert passwords to WEP keys on the fly. Fortunately, the "$" prefix trick allows you to use WEP keys instead of these special passwords directly with any AirPort card-equipped Mac, enabling you to hook into just about any standard third-party 802.11b wireless base. While you'll probably only need WEP Key Maker to generate a key for WAP routers that you own or control, remember the "$" trick if you happen to be visiting a company or building that requires encrypted access to its wireless network. Remember, however, that public networks that you are likely to find in hotels or public wireless WANs in large cities typically use no encryption whatsoever, and your AirPort card will detect these and allow you to use them without a password or WEP key of any kind.

WEP Key Maker is the only Macintosh-based WEP key generator that I am aware of, and it's an essential piece of any wireless Mac-head's arsenal of tools. It's not only wonderfully easy to use - it's absolutely free.

Version 1.1 adds/changes the following:

• Improved hex key quality.
• Hex key field is now "read only."
• Pass phrase is now "required."
• Key length is now restricted to a multiple of 4, less than or equal to 928, consistent with the constraints of the algorithm used.
• Added a "Window" menu and othewise improved Aqua appearance.
• Removed window's minimize button to avoid bugs in PowerPlant's event handling under OS X.

Whistle Blower

Shareware; $49-90

Current Version: 3.0 (April 1, 2002) / 3.1 (May 6, 2003)

Whistle Blower (formerly Server Sitter) is a network monitoring utility. It's very easy to use and has a simple but elegant interface. It can perform regular checks of your servers and alert you if any of them fail to respond, and it can send email to you or your pager. It can also react to the failure by performing an action. Server Sitter can launch AppleScripts or other files to respond and can also control up to 4 powerkey modules connected to the machine to force restart a hung server. Version 3.1 - for OS 9 and OS X only - addresses the following:

• Email Cycle Task Send an email and receive the email to check every part of an SMTP/POP system.
• SMTP Authentication Email alerts and reports can be sent through SMTP servers requiring authentication.
• HTTP Action Make an http connection in response to an outage.
• Improved OS X Performance and OS X Only Features:
  • Shell Script Task validate the return from a shell script.
  • Shell Script Action run a terminal command in response to an outage.
  • Log to Syslog Send log entries to the system log.
  • No longer runs as root Easier install no longer requires administrator password.

Who's There? Firewall Advisor

Commercial; $39

Current Version: 2.3 (October 26, 2009)

Open Door Networks produces the Who's There? Firewall Advisor that works in conjunction with Flying Butttress (BrickHouse), DoorStop and Symantec's Norton Personal Firewall for Macintosh. Who's There? 2.0 is a major upgrade, available standalone or as part of the DoorStop X Security Suite.

Who's There? 2.3 adds/changes the following:

• Snow Leopard support. Version 2.3 of the products provides full Snow Leopard support, including details and advice regarding Snow Leopard-specific issues. Also bug fixes.
• iPhone support. Version 2.3 of the products includes information and advice specific to the iPhone and its integration with the Macintosh. The book, newly renamed to include "iPhone" in the title, now has a whole chapter devoted to the iPhone and iPod touch, plus iPhone details throughout.
• Twitter stream. Security issues change so quickly these days, sometimes a blog isn't even fast enough. So, with 2.3 we've added a Twitter stream too, and integrated it with the products through a new "News" menu. Look for real-time links to evolving Mac and iPhone Internet security issues here.
• Other enhancements. 2.3 products include a number of other enhancements, such as non-admin user support for the DoorStop X firewall, a much improved geo-location service for the Who's There? Firewall Advisor and information and advice on many new security issues.