Yes, we know many of these apps are not even remotely directly comparable. The real question should be, which one does its job the best. There are simply too many security niches for us to have a poll for each one.

--jeremy

Maybe it is reasonable to mark "Ethereal" item as "Wireshark (former Ethereal)", after domain and trademark went to main developer's former employer and all the team is now working on Wireshark (with same code base)?

Good point - done.

--jeremy

Wow that's kind of a hard one. I use a lot of those. I am going to have to thrown down on Wireshark though, because I use it when I notice my bandwidth acting up when it shouldn't. I can also use it to monitor traffic on my whole network and not just between my computer and the internet. Very nice.

By the way, if I tend to think I will vote for Wireshark anyway, do I have right to propose dsniff package (including arpspoof)? As far as I remember neither of proposed options allows you to intercept gateway traffic for some exotic machine (like I have notebook on the same switch as an HDS X terminal, and surely I have no chance to run sniffer on an important server - so I fake gateway for X terminal and debug its network boot, it was exactly so).

nmap tool is my favor for usually checking my network.

I vote for Ossec hids with rkhunter as a very very very near second. Ossec really helps me as a "noobie" as it tells me right away or within a few minutes at the least what's going on with my system, it monitors my rkhunter db and files, my aide.conf and db and other important misc files and it comes with fantatic "noobie friendly" installation for a slackware linux noobie as myself. In fact it is one of my favorite app's in gnu/linux becuase of it's spped and consistency even on old pc's tho I rkhunter is truly a blessing

How about adding Aide to the list?

Firestarter... makes firewalling easy

Haven't heard about half the apps listed here. The ones I know of do not do the same thing. Tough call.

Good old reliable chkrootkit.

Can't really vote on this one. I use a few of the options for different things. Choosing one is like choosing between a TV and a computer, I like them both for different reasons.

Where is FireHOL(Bash based, file configured, iptables interface)? Can't vote anything else....

;-)

not fair ... most of the stuff mentioned are good. [except nessus, since they made it closed source-free application instead of having it as open source since version 3.0] so iam unsure whether it can be included here

Ethereal,dsniff,nmap,tcpdump and ...kismet seem to be "impressive" [i use them regularly]

Holy cow, need to split this one up into multiple categories, ie: firewall, sniffing, anti-virus, anti-spam, etc.

I'll go down the firewall avenue, and pick shorewall, because it can be reconfigured from the command line, and has a really nice webmin module (all my servers run webmin). fwbuilder is really nice for the complex firewalls, but requires a gui to make any changes.

I'd have to add a few options to this poll. My firewalls usually run shorewall, squid, dansguardian, clamav, then mgmt tools like sarg, webmin, vnc, etc.