Apple Broadband Tuner

Freeware

Current Version: 1.0 (November 29, 2005)

Apple Broadband Tuner is an official "patch" from Apple that tweaks selected network settings on Mac OS X 10.4 to increase the performance of FiOS-based high-speed Internet connections. From the Broadband Tuner home page:

"The Broadband Tuner allows you to take full advantage of very high speed FiOS based Internet connections that have a high latency. The installer tweaks some system parameters.

"There is an optional uninstaller that can be used to restore the settings that were in effect at the time just before the system parameters were changed.

"The installer increases the default values for the size of the TCP send and receive buffers. With larger buffers more data can be in transit at once. A startup configuration file is also updated so that these changes will persist across restarts.

"The system parameters are sysctl variables that are set as follows:

• net.inet.tcp.sendspace: 131072
• net.inet.tcp.recvspace: 358400
• kern.ipc.maxsockbuf: 512000

"This change has a system wide effect and is applied even if the network is not high speed connection with a high latency, with the exception of modem connections for which the system uses small default TCP buffer sizes."

Drew notes: This program, which is written as a series of Perl scripts, does its magic by writing to (or creating, if necessary) your /etc/sysctl.conf file.

Please note that this is for one very specific type of Internet connection (FiOS), and Apple has clarified this since releasing the software on 11/28/2005.

I'd prefer to see Apple release this as (part of) a Preference pane rather than a klunky installer/uninstaller package. I would imagine that Apple plans precisely this (or perhaps an automatic variant) for a future release of Mac OS X.

Berkeley Packet Monitor

Shareware; $6

Current Version: 1.5 (July 31, 2007)

Berkeley Packet Monitor is a Mac OS X network traffic monitoring and diagnostic utility. It uses the Berkeley Packet Filter devices built into the Mac OS X operating system to log and re-assemble all packets entering and exiting from a specific network interface. The software can be configured to log ICMP, TCP, and UDP packets and will allow you to view the raw data contained in each packet sent or received. If you like the program or use it frequently you may register your copy for $6 at http://www.kagi.com/.

Version 1.5 - the first release since December 2005 - adds/changes the following:

• Added a built-in "Help Book" with IP header informational references.
• Universal binary.

DoorStop X Firewall

Commercial; $49

Current Version: 2.2 (November 6, 2007)

Open Door Networks produces the DoorStop X software-based firewall, which works with the Who's There? Firewall Advisor software.

Version 2.2 adds/changes the following:

• Leopard introduces a number of new and changed services. DoorStop X has been updated to include protection options for new services such as Screen Sharing (through two different methods) and Remote Management.
• DoorStop's protection of iChat's Screen Sharing service is particularly critical for anyone considering using that service.
• DoorStop's Setup Assistant includes a number of Leopard-specific features, such as a "What's New in Leopard" pane and detailed information and options on iChat Screen Sharing.
• Direct access to the most recent version of our book, with major new sections on Leopard features.
• Service names match those used in Leopard.
• General Leopard support and bug fixes.

Firewall Builder

Shareware; $79.00

Current Version: 2.1.19 (May 20, 2008) / 3.0.1 (October 6, 2008)

Firewall Builder is multi-platform firewall configuration and management tool. It consists of a GUI and set of policy compilers for various firewall platforms. Firewall Builder uses object-oriented approach, it helps administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations. Firewall Builder currently supports iptables, ipfilter, OpenBSD PF and Cisco PIX.

Being truly vendor-neutral, Firewall Builder can generate configuration file for any supported target firewall platform from the same policy created in its GUI. This provides for both consistent policy management solution for heterogeneous environments and possible migration path.

Version 3.0.0 added/changed the following:

• Firewall Builder 3.0 introduces support for IPv6 for iptables and PF firewalls and Cisco IOS extended access lists. Now you can generate both IPv4 and IPv6 policies for firewalls and access lists for routers using the same GUI and the same database of objects that represent network addresses and services.
• In this version, firewall object can have any number of policy and NAT rule sets which can be used for branching rules or to generate user-defined chains (iptables) or anchors (pf) that can be used by external scripts.
• In addition to that, the GUI has been improved with addition of the ability to group rules in policies, control size of icons and fonts.

Version 3.0.1 introduces a huge number of additional bugfixes, which are detailed in the online release notes.

The download packages work in evaluation mode for 30 days and can be unlocked with a license file. Please note: Mac OS X packages are built on Intel-based Mac running Leopard. The author has been having difficulties building universal packages with QT so these will not work on PowerPC Macs, so the old PowerPC version (2.1.19) remains available.

Flying Buttress

Shareware; $25

Current Version: 1.4 (January 2, 2006)

Please note: Flying Buttress was formerly known as BrickHouse.

From the Flying Buttress home page:

"Flying Buttress is designed to make using the network firewall built in to Mac OS X quick and easy. By using Flying Buttress to enable your computer's firewall, you can help prevent unauthorized villains from gaining access to your computer via your internet connection, and from performing network attacks.

"While Mac OS X is fairly secure as installed, it also includes a powerful network traffic filter or firewall that can both prevent break-in attempts and keep your computer from being used in attack on another computer. Unfortunately, the default installation leaves it wide open, and you must manually 'add rules' or filters using a command line tool called ipfw. You need to use Terminal.app to do this. My mom isn't going to be able to do this.

"That's where Flying Buttress comes in. Flying Buttress provides a simple and easy interface to setting and activating your firewall's filters. It also includes a firewall monitor window to allow you to see how often each filter is used. Filter settings can be saved and switched quickly, and imported and exported to and from disk. Settings can be created by knowledgeable users and admins, and distributed to others to disable specific or recently discovered attack techniques."

Version 1.4 adds/changes the following:

• Changed name to Flying Buttress.
• Fixed startup item issue under 10.3.9 or higher.

HenWen

Open source; $0

Current Version: 2.1.2 (June 21, 2005)

HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary. Features include:

• Includes a precompiled Snort binary for Mac OS X (minor change made to source, see the included Changed Source directory for details)
• Drag and drop installation (no installer or uninstaller necessary)
• Supports all major Snort preprocessor and output plugins
• Supports all Snort rules that are current at the time of this writing
• Supports configuring all current Snort rule variables
• Supports direct logging to MySQL databases
• Supports ODBC database logging (for PostgreSQL, Oracle, MS SQL Server, and more)
• Supports auto-blocking
• Can update Snort rules over the network
• Can set up Snort to run at system startup
• Supports modem and broadband network connections
• Runs on HFS+, UFS, AFP, and NFS volumes (SMB and other volume types should work as well, but they haven't been tested)
• Available in English, German, and Italian (in the same package)
• And more...

Version 2.1.2 adds/changes the following:

• Restored compatibility with Mac OS X 10.2.x.
• Fixed a problem which made it impossible to edit variables and rules under Mac OS X 10.4.x.
• The "Launch Snort as a startup item" menu item works again under Mac OS X 10.4.x.

Hostal

Shareware; $8.99

Current Version: 1.4.4 (April 18, 2008)

One of the questions I am asked most frequently is: "How do I set up a 'Hosts' file on my Macintosh?" Usually, I point people to Apple's reference pages (Mac OS X and Classic Mac OS) on the topic. However, the folks at Lazy Mountain Software have written a simple shareware application that allows much easier configuration of your machine's Hosts file, should you require one. Hostal supports both host mapping and host blocking, as well as "Time to Live" to prevent stale host mappings. For users on a network, Hostal detects an existing Hosts file and incorporates those settings as well. If manual configuration of your Hosts file gives you headaches, be sure to give Hostal a try. A Windows version is also available.

Version 1.4.4 adds the ability to block Imunizator.com; version 1.4 was the first "Universal Binary" release of Hostal, for native performance on both PowerPC- and Intel-based Macs.

HTTP Scoop

Commercial; £10

Current Version: 1.4.1 (October 19, 2007)

Tuffcode Limited produces HTTP Scoop, an HTML traffic analyzer/packet sniffer that makes it easy for developers and others to easily analyze client-server communication and diagnose scripts and web applications by observing the actual traffic running between the web browser and web server.

HTTP Scoop provides functionality similar to the network analysis tools included with Interarchy, but it is specifically dedicated to monitoring HTTP traffic (rather than all TCP/IP traffic), and includes specialized features (such as HTML and XML syntax highlighting) that are in tune with this philosophy. For example, while command line tools such as tcpflow, tcpdump, and ethereal perform similar functions, these tools do not fully decode all of the traffic that HTTP can deliver (such as GZIP content encoding).

Version 1.4.1 adds/changes the following:

• Copy to clipboard - Copy headers, parameters, responses or POST data to the clipboard with a single key combo. Take a look at the new and improved Edit menu.
• For your convenience - The last network interface used is now preselected when the application starts.
• Need to work with chunky HTTP requests? - Now you can remove the size limits placed on viewing data: just tick the Don't limit amount of data checkbox in Preferences.
• Squashed bugs - Resolved an issue which prevented licences being recognised as valid when certain languages are selected in System Preferences, and fixed a bug which can cause a crash when an inactive network interface is selected.

The demonstration version provides a fully-functional 14-day trial of the software.

InterMapper

Commercial; See text.

Current Version: 5.0.6 (November 20, 2008)

Dartware (the nucleus of which is comprised of former programmers from Dartmouth College) produces a heck of a lot of great Mac Internet software, and has some interesting commercial offerings. InterMapper is a an AppleTalk and IP network mapping and management tool that provides powerful Internet mapping and SNMP monitoring.

InterMapper is priced by the number of devices that you monitor. Every piece of network equipment (e.g., each router, switch, hub, etc) counts as a device. The total of the devices being monitored determines the license tier you will need. See the pricing page for more details.

Version 5.0 introduced a whole slew of enhancements:

• IPv6: InterMapper 5.0 tests devices that have IPv6 addresses, and supports IPv6 client connections. TCP- and UDP-based probes, and IPv6-based DNS queries are supported in the current download.
• InterMapper SQL Database: InterMapper Database is a component of InterMapper DataCenter. It acts as a central repository for data collected from one or more InterMapper servers. This data includes a snapshot of the current state of each server's managed elements (maps, devices, interfaces, etc), as well as historical readings from customer charts. InterMapper Database gathers this data efficiently, organizes it in a clear and logical schema, and provides means to respond to queries using industry standard SQL statements. InterMapper Database can be operated on its own or could be part of an organization's Configuration Management Database initiative (CMDB).
• Hierarchy in Map List: You can now organize your maps into folders, reducing clutter for those who have lots of maps.
• Acknowledgment filtering in device lists: There are two new buttons (at the top right of the window) that hide or show devices that have been acknowledged. This makes it easier to spot new trouble areas.
• Server-wide find on DNS name, IP address, or IMID: The "Find Devices..." menu item allows you to search either a map or the entire InterMapper Server for a given DNS name, IP address, or IMID. Searching by IMID can be helpful for relating a device in InterMapper Database to a device on the map.
• Enhanced Nagios Plugin Support: InterMapper has long supported command-line probes and has supplied a template specific to Nagios plug-ins. In Version 5.0, you can set a flag in your command-line probe to tell InterMapper to interpret the performance data (PERFDATA) supplied as part of the plugin's output and make it available for custom display. A newer template is also provided, and creates a nicely-formatted display from the output of NAGIOS plug-ins that provide perfdata.
• Server Discovery Preference: InterMapper RemoteAccess now implements a preference allowing you to turn off server discovery, so that the only servers which appear in the Map List window are those servers you have added yourself.

Version 5.0.6 is primarily a bugfix release.

InterMapper for Mac OS X requires Mac OS X 10.3.9 or newer. Any computer that can run Mac OS X will easily handle large maps. A minimum of 50 MBytes of disk space is required, although 1 GB or more will allow historical data to be stored. The Mac OS X InterMapper Remote application automatically selects the proper Java VM.

IP Monitor

Shareware; $5

Current Version: 1.3.2

IP Monitor is a very small application that displays your current IP address or subnet mask in a floating window, and allows you to easily copy either of these items to your clipboard for use in applications or documents where it is necessary to make this information known to others. It's AppleScript-able, and very handy. Version 1.3.2 implements access to the Remote Access control panel as well as support for menu sharing under Mac OS X.

IPNetShareX

Shareware; see site

Current Version: 1.0c5 (June 2, 2005)

IPNetShareX (formerly gNAT) is another useful piece of software from Sustainable Softworks, the folks who brought you IPNetMonitor, Tuner, Router and Sentry. From the gNAT home page: "gNAT is a small program designed to give users graphical access to Mac OS X's Network Address Translation (NAT) services without having to use the command line. NAT is a protocol used to share a single internet connection among multiple computers without requiring a dedicated hardware router. gNAT can be used as a Mac OS X alternative to the basic Internet sharing feature of IPNetRouter." Version 1.0c5 adds/changes the following:

• Fix load_install script to work properly on Tiger.

Use IPNetShareX Pro if you are a commercial organization and/or you may need technical support with this software. Use IPNetShareX if you will be using IPNetShareX in a non-commercial installation AND you will not require technical suppport. IPNetShareX Pro registration is $25.00 and can be immediately ordered online. IPNetShareX registration keys can be obtained at no charge as described in the included documentation. In both cases, you will need a registration key in order to continue running the software after the initial 21 day trial period. You just need to copy and paste the entire XML key file into the registration edit box and click the Accept button.

LFT and WhoB

Open source; $0

Current Version: 2.5 (August 24, 2005) / 3.1 (May 13, 2008)

From the LFT/WhoB home page:

"LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filter based firewalls. More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What makes LFT unique? Rather than launching UDP probes in an attempt to elicit ICMP "TTL exceeded" from hosts in the path, LFT accomplishes substantively the same effect using TCP SYN or FIN probes. Then, LFT listens for "TTL exceeded" messages, TCP RST (reset), and various other interesting heuristics from firewalls or other gateways in the path. LFT also distinguishes between TCP-based protocols (source and destination), which make its statistics slightly more realistic, and gives a savvy user the ability to trace protocol routes, not just layer-3 (IP) hops.

"WhoB is a no-frills whois client (see whois(1)) designed to provide everything a network engineer needs to know about a routed IP address by typing one line and reading one line. But even so, it's worth typing a few more lines because WhoB can do lots of other cool things for you! It can display the origin-ASN based on the global routing table at that time (according to Prefix WhoIs, RIPE NCC, or Cymru), the 'origin' ASN registered in the RADB (IRR), the netname and orgname, etc. By querying pWhoIs, WhoB can even show you all prefixes being announced by a specific Origin-ASN. WhoB performs the lookups quickly, the output is easily parsed by automated programs, and it's included as part of the Layer Four Traceroute (LFT) software package. LFT uses WhoB as a framework (and you can too, quite easily--see whois.h). Recent LFT releases (as of version 2.5) include WhoB functionality through a standalone "whob" client/command placed in the LFT binary directory."

Please note that these are command-line utilities for Mac OS X (in other words, they do not have a graphical user interface). This combo is one of only a few command-line utilities I include here on the Orchard, but those who need its functionality are likely to be comfortable with the OS X command line, making this (I hope) a non-issue.

Version 2.5 - the latest release available as an executable binary - added/changed the following:

• Inclusive of betas 2.32 to 2.4x
• Added -z option to pseudo-randomize source port
• Added behavior to automatically select the most appropriate interface based on routing (this was on the most wanted list)
• Improved OpenBSD compatibility (IP length nonzero)
• OpenBSD is now detected by autoconf (for configuring the above)
• Darwin is now detected by autoconf and its definition disables some BSD features to make it compatible with Mac OS X and Darwin
• LFT now indicates it has reached the target by printing a 'T' character in the status display (if status is enabled)
• Cleanups were made to the verbose output levels (-VVV)
• Significantly revamped whois framework makes it easy to include whois functionality into other programs
• Added -C and -R and -r options to force alternate ASN sources
• Default ASN source (-A) is now Prefix WhoIs (see pwhois.org)
• LFT now queries for ASNs in bulk format after completing a trace if pwhois (default), RIPE NCC RIS, or Cymru is selected
• Added dst/src port autoselection based on user-supplied hostname
• Vastly improved standalone whois client "whob" see whob.8 (whob manpage)
• Makefile now installs 'whob' no-frills whois client (try ./whob)
• "Smart" mode is now referred to as "Adaptive" mode (-E)

Version 3.1 - the latest release, but available only as source code - includes WhoB 2.0, and adds/changes the following:

• New configure options: --enable-gtod Forces LFT to use gettimeofday() on each packet instead of using the BPF timestamp. This is critical on platforms that have enabled 'fastts' or that do not have high-precision BPF timestamping. --enable-universal generates binaries including both PPC and Intel architecture (for users running Mac OS X/Darwin).
• Improved compatibility with NetBSD and Darwin/Mac OS X.
• Added autoconf support for NetBSD.
• Improved compatibility with older.
• Updated autoconf bits and pieces.
• By popular request, reversed the -g option of WhoB. WhoB now uses gigo mode by default unless -g is specified which turns ON its parser and enables the other various options.

Little Snitch

Shareware; $24.95

Current Version: 1.2.4 (January 29, 2007) / 2.0.4 (August 14, 2008)

Little Snitch is a "Trojan horse" detector for Mac OS X. Trojan horses are programs (or aspects of programs) that make network access behind your back to collect statistics about the use of your computer. Trojan horses can be detected by Little Snitch and prevented from transmitting such data. Some highlights:

• Prevents applications from "phoning home".
• Protects you from trojans, worms, and other network parasites.
• Shows which applications send information over the internet.
• Provides a higher level of security for the paranoid.

Version 2.0.4 - the latest version for Mac OS X 10.4 and later - adds/changes the following:

• Improved compatibility with 64-bit PPC machines.
• Fixed a kernel panic triggered by various Java development suites.
• Improved Little Snitch Installer.
• Network Monitor - Support for multiple screens has been improved. The window position and the maximum number of displayed processes is now stored per screen configuration.

Version 1.2.4 remains available for Mac OS X 10.2 and Mac OS X 10.3.

Little Snitch functions as a 3-hour, time-limited demo prior to purchase, and quantity discounts are available.

MacSniffer

See text.

Current Version: 1.0b1

From the MacSniffer home page: MacSniffer is a front end to the built-in 'tcpdump' packet sniffer on Mac OS X. MacSniffer allows you to view all of the traffic on a network connection, such as ethernet. MacSniffer includes a filter editing interface and a filter library to easily construct and reuse packet filters to view a subset of all the traffic on the connection, such as just that destined for a specific host or port. You can choose the level of detail you want captured, from just the minimal packet headers (showing source and destination hosts and ports) up to a full hex and ASCII dump of the packet contents. MacSniffer can be useful for diagnosing many network problems, debugging client/server programs, and scanning for particular network exploits in real time." When released in final form, MacSniffer will be shareware, $15.

Nessus

Commercial; see text

Current Version: 3.2.1 (June 2, 2008)

The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner. Nessus is currently rated among the top products of its type throughout the security industry and is endorsed by professional information security organizations such as the SANS Institute. It is estimated that the Nessus scanner is used by 75,000 organizations world-wide.

Features include:

• Up-to-date security vulnerability database - Nessus mostly focuses on the developement of security checks for recent security holes. Its security checks database is updated on a daily basis, and all the newest security checks are available here and can be retrieved with the command nessus-update-plugins. An RSS feed of all the newest security checks allows you to monitor which plugins are added and when.
• Remote AND local security - Traditional network security scanners tend to focus on the services listening on the network - and only on these. Now that viruses and worms are propagating thanks to flaws in mail clients or web browsers, this conception of security is getting outdated. Nessus has the ability to detect not only the remote flaws of the hosts on your network, but their local flaws and missing patches as well - whether they are running Windows, Mac OS X or a Unix-like system.
• Extremely scalable - Nessus has been built so that it can easily scale down to a single CPU computer with low memory to a quad-CPUs monster with gigabytes of RAM. The more power you give to Nessus, the quicker it will scan your network.
• Plug-ins - Each security test is written as an external plugin, written in NASL (see below). This means that updating Nessus does not involve downloading untrusted binaries from the internet. Each NASL plugin can be read and modified, to better understand the results of a Nessus report.
• NASL - The Nessus Security Scanner includes NASL (Nessus Attack Scripting Language), a language designed to write security test easily and quickly. NASL plugins run in a contained environment on top of a virtual machine, thus making Nessus an extremely secure scanner.

Nessus for Mac OS X is not just a port of the Unix server to the Mac environment; it also bundles a native interface to manage the server and the client. The Mac OS X Nessus Client sports the following features:

• Session-based - A 'session' is a set of targets, policies and results. A session may contain multiple scan results
• File-based - Each session is stored as a unique file on disk. This file can then be easily moved around to another host by email, ftp, etc.
• Multiple scans in parallel - You can create multiple sessions in parallel (File | New) and each session can perform a scan
• Real-time results - The results can be viewed and worked on in real time
• Universal Binary - Nessus for Mac OS X natively runs on PPC and Intel CPUs

Nessus 3.2.1 provides several enhancements:

• Contains a new report filtering mechanism in the client
• Adds support for Fedora 9 and Ubuntu 8.04
• Re-introduces support for Windows 2000
• Fixes several bugs

The Nessus software itself is free, and 7-day delayed access to vulnerability checks is also available for free to all registered users. "Instant" access to these vulnerability checks - as well as full commercial support - is available under a $1,200 annual subscription agreement. See the Nessus registration page for further details.

Net-SNMP

Open source; $0

Current Version: Binary: 5.0.2 (July 19, 2002) / Source: 5.3.1 (July 14, 2006)

Note: As of October, 2003, Dartware suspended its efforts to produce a Mac OS X specific version of Net-SNMP. The changes Dartware made to versions 4.2.3 and later to make it work on Mac OS X were incorporated in the production build. The sources on the net-snmp project page now build without problem on Mac OS X. They are available from http://sourceforge.net/project/showfiles.php?group_id=12694.

Net-SNMP for Mac OS X is a Mac OS X version of the open source net-snmp software that makes statistics about a computer available via SNMP. A detailed description of the net-snmp project along with a FAQ and other documentation can be found at the SourceForge site, http://net-snmp.sourceforge.net/. The net-snmp software in this distribution includes an extensible agent, an SNMP library, snmpget, snmpset, snmpwalk and other tools to set or request information from SNMP agents, and tools to generate or handle SNMP traps. The following MIBS are supported in part or in their entirety:

• MIB-II General network statistics (RFC 1213)
• UCD agent extensions (processes, disks, memory, load average, shell commands, error handling)
• Host Resources (RFC 1514) "initial implementation"
• SNMPv3 MIBs (RFCs 2571-6)

Net-SNMP is released as open-source freeware. net-snmp 5.0 was a significant rewrite and provided many new features, such as allowing Perl scripts to create responses to SNMP queries. The Mac version hasn't seen an official "build" since 2002, but the latest source code is available, and includes instructions for compiling and using under Mac OS X.

NetBarrier

Commercial; $69.95

Current Version: "X5" (10.5.3) (October 1, 2008)

Intego, Inc. produces the NetBarrier personal firewall software. Users of version 2.0 or later may update their software by using its built-in update function; users of earlier releases may purchase an upgrade. The "Classic" Mac OS version is no longer available for purchase, although updaters are still available for download (see below).

Features include:

• Controls incoming TCP/IP traffic and data
• Controls outgoing TCP/IP traffic and data
• Offers preset or customized security rules
• Protects against Trojan Horses
• Protection against vandal programs
• Blocks selected applications
• Alerts you when applications connect to the Internet
• Audits vandal alerts
• Protects against intrusions
• Offers a choice of defense policies
• Detects wrong passwords
• Protects against network attacks
• Protects against ping of death
• Protects against ping flooding
• Protects against SYN flooding
• Protects against port scans
• Stops unknown packets
• Controls system resources
• Provides TCP sequence scrambling
• Helps control cookies
• Offers individual cookie control
• Deletes cache and history files
• Blocks ad banners
• Hides the last web site visited
• Hides browser and platform information
• Safeguards personal information
• Filters TCP/IP & AppleTalk stacks
• Protects against data thieves, hostile java applets, hostile plug-ins

Version 10.5.3 "addresses some minor issues and improves overall stability"; version 10.5 introduced the following new features:

• New interface
• Multiple firewall configuration settings, which can change when network settings or locations change
• Simple and advanced firewall modes
• Advanced options for intrusion protection
• Improved anti-spyware functions
• More thorough logging
• Enhanced network monitoring features
• New helper application, Washing Machine, which cleans browser caches, cookie files, history files and more

Net Monitor

Shareware; $10

Current Version: 3.9.5 (December 24, 2005) / 4.4.8 (August 8, 2008)

Net Monitor is an inexpensive shareware application written for Mac OS X (10.1 or later) that graphs network interface throughput in a floating window, the Dock or the Menu Bar. Very simple! As of version 2, the software incorporated the functionality of the previously-separate PPP Monitor application by the same author.

Version 4.4.8 - available for Mac OS X 10.4 and later only - makes the following changes from the previous release (3.9.5 is still available for older Macs):

• Fixed incorrect behavior of Graph Preferences Pane (since version 4.4.5).

NetSplatX

Freeware

Current Version: 1.0

Formerly a commercial software offering (NetSplat) from Maxum Development, NetSplatX is a free Web server performance tuning utility for Mac OS X. NetSplatX simulates browser activity by sending HTTP requests to the server being tested and accepts the responses. Successful transactions are recorded during testing and basic statistics are displayed to tell you how your server performs under various load levels. See the online documentation for more information.

Net Tool Box

Sharware; £20

Current Version: 3.1 (July 18, 2005)

Net Tool Box is a full set of networking tools for network administrators, software developers and enthusiasts. It can perform all sorts of tasks, from simple DNS resolution to full-blown host interrogation. You can graphically map the location of an IP address, you can traceroute to almost any computer on the Internet, and you can use the terminals to perform protocol analysis and development. Version 3.1 features the following enhancements:

• [NEW] Rewrote Ping, Ping Scan and Traceroute to work fully x-platform. Windows 98/ME Note: Requires WinSock 2.
• [NEW] Added a contextual menu (right-click/ctrl-click) for IP addresses. You can now bring up a menu on practically any IP address shown throughout Net Tool Box providing information and options.
• [NEW] Added preferences option to remember tool presets. This will retain things like timeouts and port ranges betweeen sessions. Also added 'Reset' button in preferences to revert these presets to their defaults.
• [NEW] Added an 'out-of-date' warning to Mapper on first run. Caida's NetGeo database, which Mapper uses to retrieve network loactions, is no-longer maintained.
• [CHG] Removed Authorize facility to save a lot of headaches. You can authorise manually still if you'd like. See the FAQ for more info.
• [CHG] Updated About Box credits.
• [CHG] Windows: The toolbar is now de-mac-ified. No more aqua stripes and aqua buttons.
• [CHG] Changed the favorites popup menu to look better x-platform.
• [CHG] Re-named Rendezvous to 'Bonjour' to comply with Apple's fantastically sensible name-change!
• [CHG] Changed some toolbar icons. VPN interfaces now have an icon in the interfaces window.
• [CHG] The "Show WAN Address in Toolbar" option now gets it's IP from the version-checker routine. This means "Show WAN Address" will only work if version checking is enabled. The preferences window has been modified to reflect this change.
• [FIX] Using keyboard shortcuts for opening Favourites and Preferences windows on OS X no longer shows the application switcher.
• [FIX] Windows: ARP Table and Netstat are now working.
• [FIX] Fixed typos on Network Statistics window and Port Updater window.
• [FIX] "Favorites" is now spelled correctly.
• [FIX] Mac: ARP Table MAC addresses are now formatted correctly.
• [FIX] Windows: Console-output in terminals and whois now respect the fixed-width font set in the preferences.
• [FIX] Statistics Window: Now formats bytes correctly as MB, GB etc.
• [FIX] Netstat now works on Mac OS X 10.4, Tiger. Unfortunately, Apple have removed the tool used to relate sockets to processes, so for 10.4 and above, the 'Process' column is not available. Hopefully I can find a workaround, to bring the functionality back in the future.

Net Tool Box is a shareware application, approx $35 (£20). It has a 5 minute session timeout, a 3 map-per-session limit and one minute timeouts on NetStat, TrafficWatcher and Packet Watcher sessions. Also, Traffic Watcher can only listen on port 80 (Web) in demo mode.

NoobProof

Open source; $0

Current Version: 1.2 (November 10, 2008)

NoobProof (from the authors of WaterRoof) is a free IPFW firewall front end for Mac OS X 10.4 and 10.5 that is designed to be simpler than WaterRoof (requiring only 5 steps to configure).

Version 1.2 adds/changes the following:

• Well known port numbers
• Honors "allow only.." rules
• Bug fixes

A WaterRoof / NoobProof comparison can help you make a decision about which of these free firewall configuration tools is right for you.

Norton Personal Firewall

Commercial; $49.95

Current Version: 3.0.3

Symantec Corporation produces Norton Personal Firewall for Mac OS 9 and Mac OS X, a software-based firewall product that is based upon Open Door Networks' DoorStop Personal Firewall.

ntop

Open source; $0

Current Version: 3.3 (June 11, 2007)

ntop is a free, open source network traffic probe that shows the network usage, similar to what the popular "top" command in UNIX. ntop is based on libpcap. ntop comes with two applications:

• the 'classical' ntop that sports an embedded web server
• intop (interactive ntop) is basically a network shell based on the ntop engine.

ntop users can use a a web browser to navigate through ntop (which acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of a web interface; limited configuration and administration via the web interface; and reduced CPU and memory usage make ntop easy to use and suitable for monitoring various kind of networks.

Version 3.3 adds/changes the following:

• Improved stability, ease of use
• U3 support
• GUI (Win32)

OTTool

Freeware

Current Version: 1.2.1

OTTool is a free utility from Neon Software which provides a synopsis of the AppleTalk and IP configuration parameters within Apple Computer's Open Transport networking architecture. In addition, OTTool allows users on IP networks to make Domain Name Server (DNS) queries, ping devices using ICMP Pings, trace IP routes (UNIX traceroute), scan through ranges of IP addresses asking for resolutions, and to query a DNS for Mail Exchange and System Info. Version 1.2.1 fixed a compatibility issue with OS X 10.1 and added more user interface improvements for OS X 10.1.

PacketStream

Shareware; $24.95

Current Version: 2.4 (October 15, 2008)

From the PacketStream home page: "PacketStream provides point-and-click activation of the Mac's built-in network monitoring program, which is usually available only from the command line. By clicking a few buttons, you can monitor data as it streams over your network--especially useful for checking web traffic, network bottlenecks, or even suspicious network activity. All network data is displayed in the application itself, and you can save the data to a file for further analysis later."

Version 2.4 adds/changes the following:

• Adds standard Mac "window" menu to better fit with system interface guidelines.
• Preferences now update immediately on window close; no need to hit "save" button. Better compliance with system interface guidelines.
• Window position now saved auotmatically when program closes.
• No longer connects to server on every startup to check for new version; user controls this process.
• New "license" menu item displays user's serial number.
• New built-in help viewer; avoids UI glitches of native Mac help viewer.
• New graphics engine: improved UI appearance.
• Printing support added: send data text to printer.

The download is a 30-day demo; you can purchase a license to use the program past the 30-day trial period. Mac OS X 10.4 is the minimum supported platform.

Paros

Open source; $0

Current Version: 3.2.13 (August 8, 2006)

Paros is an essential tool for all web application developers and web site security auditors. It is a Java-based HTTP/HTTPS proxy for assessing web application vulnerability, supporting editing/viewing HTTP messages on-the-fly. Features include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections, and more.

Version 3.2.13 adds/changes the following:

• New: skipping designated URL in spider. Use options to set the spider.
• New: auto update menu and periodic check for update (Windows and Linux platform only).
• Fix: the use of new external library caused slower performance of proxy. Restored to older library.

See the installation instructions for more information.

sunShield

Shareware; $29.95

Current Version: 2.0.3 'L' Pro (November 12, 2007)

sunShield is a preference pane that manages the built-in firewall in Mac OS X (which makes it similar to Flying Butttress / BrickHouse, except that Flying Butttress is a standalone application).

Core features include:

• PPC and Intel ready
• Supports IPFW2, shipped with Tiger.
• Use advanced actions, and advanced protocol options.
• Easily turn firewall ON / OFF
• Create all kind of basic or dynamic rules.
• Lets you also create rule manually, from sunShield's interface.
• Review dynamic rules, time left and parent rule.
• Enforce rules based on user sending packet.
• Enable or disable logging, system wise.
• Live logs, in sunShield, lets you use ToolRules (sniffing, debugging...)
• Export rule base to an rc.firewall script, handy to deploy IPFW configuration on BSD compatible systems.
• Re-order rules with simple drag and drop.
• Edit rules with a double click on them, right click them to edit as new rule
• Automatically save and restore rules across reboots.

Apart from being released natively for Intel- and PowerPC-based Macs, version 2.0 Pro adds/changes the following:

• Edit (and replace) or Edit as a new rule.
• Import and export a whole ruleset from one file, in one click.
• Enhanced template support.
• New interface, bringing better feel when using the pane.
• New key protocol in order to support demo version. (2.0.2)
• Two glitches fixed in French interface. (2.0.2)
• Added: Refresh button on Logging window. (2.0.3)
• Fixed: Edit as new rule broken. (2.0.3)
• Fixed: Debug output logged on dynamic rules, even when debug output disabled. (2.0.3)
• Fixed: A bug introduced with Leopard's build 9a581. The bug is not in Leopard, but in the way sunShield Pro tries to read some system data. (2.0.3 'L')

throttled

Open source; $0

Current Version: 0.5 (March 17, 2008)

throttled is a free, open-source bandwidth shaping application for Mac OS X, FreeBSD, and Linux that allows you to put a cap on your upstream bandwidth and keep your download speeds high even when your server is sending out at full speed. Features include:

• Allows you to set either a global throttle for all your applications, or multiple throttles with different speeds to guarantee all your servers a certain bandwidth.
• Allows you to setup priority queues for your network data to guarantee low-latency ssh, telnet, etc connections on your server.
• Prioritizes TCP ACK packets to allow consistant bandwidth in both directions even under heavy server load.
• Flag for allowing you to throttle local network addresses 192.168.x.x and 10.x.x.x. (By default, only Internet-bound traffic is throttled)
• It uses almost no resources. CPU usage is around 0 - 2% and it uses less than 500k of RAM.
• Source code is freely available, and released under the GPL. Please read the COPYING file in the distribution.

Version 0.5 adds/changes the following:

• The new release now supports full weighted queues. Please make sure to look over the updated throttled-startup file since some of the syntax has changed.
• Also updated this release so it compiles cleanly on Leopard.

Throttled Pro

Shareware; $20

Current Version: 1.5 (March 27, 2008)

ThrottledPro is an enhanced, graphical version of the free command-line-driven throttled software. Like its free sibling, it provides bandwidth shaping for Mac OS X that allows you to put a cap on your upstream bandwidth and keep your download speeds high even when your server is sending out at full speed. Features include:

• Throttled Pro will provide capping services to all machines connected to you through Apple's built in Internet Connection Sharing.
• Throttled Pro works with Apple's built in firewall. In order to configure the firewall you will need to stop Throttled Pro. After the firewall is configured, turn on Throttled Pro and everything will work just fine.
• Throttled Pro supports BitTorrent and FTP using the configuration panel. If you use the ports configuration and have "Enable Catch All Rule" checked, then this will work as well.
• You can setup as many services as you want in Throttled Pro.

Version 1.5 - the first release since September 2006 - adds/changes the following:

• Updated to use throttled-0.5 which implements weighted network queues (WF2Q+).
• Minor cosmetic changes to the Advanced Configuration.

VisualRoute

Commercial; see text

Current Version: 12.0j (November 5, 2008)

Visualware Inc. produces VisualRoute, a remarkably nice Java-based ping, whois, and traceroute program that automatically analyzes connectivity problems, displaying the results graphically on a world map. When configured as a server, VisualRoute provides visual traceroute services to web browser clients.

Version 12 ("2008") introduced the following new features:

• (All editions) IPv6 compatibility - See traceroute, ping, reverse DNS and Whois lookups for IPv6 addresses and network hosts.
• (All editions) IP location database update - Get the latest database update for the most accurate IP location reports.
• (Business and SupportPro editions) NEW! OmniPath shows all possible routes to a destination and allows you to compare the performance of different routes.
• (Business and SupportPro editions) NEW! NetVu shows a high-level view of all network routes for open trace reports, enabling easily identification of network nodes that are common to multiple routes, network routes that have multiple path options, and comparison of the number of hops for multiple routes.

Version 12.0j adds/changes the following:

• Updated compatibility with Java update 10 and Vista.

Pricing ranges from $49.95 for the "Personal" Edition to $395 for the "SupportPro" Edition. The online purchase page has more details. All Mac users can try the free online version. Highly recommended.

WaterRoof

Open source; $0

Current Version: 1.8 (July 21, 2007) / 2.1 (June 30, 2008)

WaterRoof (from the authors of NoobProof) is a free IPFW firewall front end for Mac OS X with a easy interface and many options. Features include dynamic rules, bandwidth management, NAT configuration and port redirection, pre-defined rule sets and a wizard for easy configuration. You can also watch logs and graphic statistics. Rules configurations and network options can be saved and optionally activated at boot time.

A WaterRoof / NoobProof comparison can help you make a decision about which of these free firewall configuration tools is right for you.

Version 2.1 adds/changes the following:

• Added ipv6 support
• Bug fixes
• Compatible with both Mac OS X 10.4 and 10.5

WEP Key Maker

Freeware

Current Version: 1.1

If you're looking into creating a wireless network for your Macintosh, here's a dirty little secret that will save you a great deal of money: Apple's AirPort base station isn't the only wireless access point (WAP) device that AirPort-card-equipped Macintoshes work with. There are many fine 802.11b WAPs available for half the cost of the AirPort base station, and your Mac will work just fine with them, right out of their boxes. You'll find, however, that these devices - by default - come with Wired Equivalent Privacy (WEP) disabled, meaning that data sent between your computer and WAP will be sent in the clear over the airwaves, offering little to no protection from intruders who know how to decipher these signals.

If you want to enable your wireless access point's 40 or 128 bit encryption, you'll probably find an area in its configuration screens that asks you to enter in a series of hexadecimal numbers called a "key." These WEP keys are used by the algorithm that your hardware employs to encrypt your wireless data. They are typically generated by a piece of software. WEP Key Maker is such a piece of software. Download it, enter in some text that tickles your fancy (called a "pass phrase"), and it will generate a 40 bit or 128 bit key you can enter into your WAP's configuration screen.

Once you do this and reboot your WAP, however, you'll note that the next time you try to access your wireless network from your Macintosh, you'll be prompted by the AirPort software to enter a password. Type a dollar sign ($) into the AirPort password field, and then type in (or paste, if you can) the key that WEP Key Maker generated for you, making sure to store this lengthy string of characters in your OS 9 or OS X "keychain" by clicking the corresponding checkbox. Click "OK," and you'll have rejoined your wireless network with encryption fully-enabled.

Apple's AirPort base station makes it unnecessary for end users to deal directly with WEP keys by using a proprietary algorithm to convert passwords to WEP keys on the fly. Fortunately, the "$" prefix trick allows you to use WEP keys instead of these special passwords directly with any AirPort card-equipped Mac, enabling you to hook into just about any standard third-party 802.11b wireless base. While you'll probably only need WEP Key Maker to generate a key for WAP routers that you own or control, remember the "$" trick if you happen to be visiting a company or building that requires encrypted access to its wireless network. Remember, however, that public networks that you are likely to find in hotels or public wireless WANs in large cities typically use no encryption whatsoever, and your AirPort card will detect these and allow you to use them without a password or WEP key of any kind.

WEP Key Maker is the only Macintosh-based WEP key generator that I am aware of, and it's an essential piece of any wireless Mac-head's arsenal of tools. It's n