
Utility for processing pcap dumps
 

By TuxInvader, on 26-10-2006 20:42

Views : 5503

Published in : Technology, Networking

tcpdump, ethereal, wireshark, snoop, etc. all use the pcap file format for saving packet capture information. That means you can capture information from, say, OpenBSD PF and then analyse the data in wireshark. The only problem I find is that capture files can get huge, and when that happens they are a real PITA to analyse.
 
That's why I wrote this Perl script. It allows you to extract packets from a specified time period (using the timestamp in the packet header) out of a huge dump file and copy them into a new file that should be much smaller and much easier and faster to analyse. Alternatively, you can use it to split the huge file into several smaller files of x MB each.
 
This should be useful to anyone analysing a network packet capture file. Rather than using filters to look at a 500MB file, extract the packets for the time period you are interested in and just look at those!
 
UPDATE 2006-11-08 - Now supports libpcap filter language (as seen in tcpdump)
 

Last update: 30-08-2009 10:50

Keywords : pcap, filter, timestamp, size
ZXTM Eventing Modules
 

By TuxInvader, on 18-12-2008 08:21

Views : 899

Published in : Technology, Zeus Technology

Over the past few days I've written some Perl modules to plug a Zeus ZXTM Traffic Manager into, first, Twitter and then a Nabaztag bunny. At first both of these seem a little frivolous, but on further reflection perhaps a little ingenious. I can now keep an eye on my networks and application servers by following my ZXTM on Twitter, or I can get a small plastic bunny to yell at me in my living room when things go wrong.

Last update: 18-12-2008 08:42

GPGSesame
 

By TuxInvader, on 15-07-2006 01:00

Views : 1796

Published in : Technology, Linux

GPGSesame is a Perl script that collects and verifies OpenPGP signed / encrypted mail and allows access through a Linux Netfilter firewall. This enables you to remotely open holes in your iptables by simply sending a GPG email to authenticate yourself. The version here opens access to the SSH port, but you're free to modify the script if you want to change that.
 
If signed / encrypted email seems a bit too complicated, or you don't fancy carrying a GPG key around with you for authentication, you could use a dynamic DNS account instead. See ddns holes.
 
Otherwise read on for more information... 
 
 

Last update: 20-10-2006 18:36
