Apple Broadband Tuner is an official "patch" from Apple that tweaks selected network settings on Mac OS X 10.4 to increase the performance of FiOS-based high-speed Internet connections. From the Broadband Tuner home page:
"The Broadband Tuner allows you to take full advantage of very high speed FiOS based Internet connections that have a high latency. The installer tweaks some system parameters.
"There is an optional uninstaller that can be used to restore the settings that were in effect at the time just before the system parameters were changed.
"The installer increases the default values for the size of the TCP send and receive buffers. With larger buffers more data can be in transit at once. A startup configuration file is also updated so that these changes will persist across restarts.
"The system parameters are sysctl variables that are set as follows:
"This change has a system wide effect and is applied even if the network is not high speed connection with a high latency, with the exception of modem connections for which the system uses small default TCP buffer sizes."
Drew notes: This program, which is written as a series of Perl scripts, does its magic by writing to (or creating, if necessary) your /etc/sysctl.conf file.
Please note that this is for one very specific type of Internet connection (FiOS), and Apple has clarified this since releasing the software on 11/28/2005.
I'd prefer to see Apple release this as (part of) a Preference pane rather than a klunky installer/uninstaller package. I would imagine that Apple plans precisely this (or perhaps an automatic variant) for a future release of Mac OS X.
Berkeley Packet Monitor is a Mac OS X network traffic monitoring and diagnostic utility. It uses the Berkeley Packet Filter devices built into the Mac OS X operating system to log and re-assemble all packets entering and exiting from a specific network interface. The software can be configured to log ICMP, TCP, and UDP packets and will allow you to view the raw data contained in each packet sent or received. If you like the program or use it frequently you may register your copy for $6 at http://www.kagi.com/.
Version 1.5 - the first release since December 2005 - adds/changes the following:
Open Door Networks produces the DoorStop X software-based firewall, which works with the Who's There? Firewall Advisor software.
Version 2.3 adds/changes the following:
Firewall Builder is multi-platform firewall configuration and management tool. It consists of a GUI and set of policy compilers for various firewall platforms. Firewall Builder uses object-oriented approach, it helps administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations. Firewall Builder currently supports iptables, ipfilter, OpenBSD PF and Cisco PIX.
Being truly vendor-neutral, Firewall Builder can generate configuration file for any supported target firewall platform from the same policy created in its GUI. This provides for both consistent policy management solution for heterogeneous environments and possible migration path.
Version 4.0.0 added/changed the following:
Version 4.0.1 introduces a huge number of additional bugfixes, which are detailed in the online release notes.
The download packages work in evaluation mode for 30 days and can be unlocked with a license file. Please note: Mac OS X packages are built on Intel-based Mac running Leopard. The author has been having difficulties building universal packages with QT so these will not work on PowerPC Macs, so the old PowerPC version (2.1.19) remains available.
Please note: Flying Buttress was formerly known as BrickHouse.
From the Flying Buttress home page:
"Flying Buttress is designed to make using the network firewall built in to Mac OS X quick and easy. By using Flying Buttress to enable your computer's firewall, you can help prevent unauthorized villains from gaining access to your computer via your internet connection, and from performing network attacks.
"While Mac OS X is fairly secure as installed, it also includes a powerful network traffic filter or firewall that can both prevent break-in attempts and keep your computer from being used in attack on another computer. Unfortunately, the default installation leaves it wide open, and you must manually 'add rules' or filters using a command line tool called ipfw. You need to use Terminal.app to do this. My mom isn't going to be able to do this.
"That's where Flying Buttress comes in. Flying Buttress provides a simple and easy interface to setting and activating your firewall's filters. It also includes a firewall monitor window to allow you to see how often each filter is used. Filter settings can be saved and switched quickly, and imported and exported to and from disk. Settings can be created by knowledgeable users and admins, and distributed to others to disable specific or recently discovered attack techniques."
Version 1.4 adds/changes the following:
HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary. Features include:
Version 2.1.2 adds/changes the following:
One of the questions I am asked most frequently is: "How do I set up a 'Hosts' file on my Macintosh?" Usually, I point people to Apple's reference pages (Mac OS X and Classic Mac OS) on the topic. However, the folks at Lazy Mountain Software have written a simple shareware application that allows much easier configuration of your machine's Hosts file, should you require one. Hostal supports both host mapping and host blocking, as well as "Time to Live" to prevent stale host mappings. For users on a network, Hostal detects an existing Hosts file and incorporates those settings as well. If manual configuration of your Hosts file gives you headaches, be sure to give Hostal a try. A Windows version is also available.
Version 1.4.5 makes undocumented changes from version 1.4.4; version 1.4 was the first "Universal Binary" release of Hostal, for native performance on both PowerPC- and Intel-based Macs.
"Since putting my most frequently used IPs in a 'Hosts' file with Hostal, my web browsing has been faster. However, despite some considerable playing I have not yet been able to get DHCP to function with Hostal's default settings. Here are a few tips: ONE - Set the "large system font" to Chicago particularly if using OS 9.1; TWO - Turn off Hostal filters initially to reduce memory use."
Submit another review!
Tuffcode Limited produces HTTP Scoop, an HTML traffic analyzer/packet sniffer that makes it easy for developers and others to easily analyze client-server communication and diagnose scripts and web applications by observing the actual traffic running between the web browser and web server.
HTTP Scoop provides functionality similar to the network analysis tools included with Interarchy, but it is specifically dedicated to monitoring HTTP traffic (rather than all TCP/IP traffic), and includes specialized features (such as HTML and XML syntax highlighting) that are in tune with this philosophy. For example, while command line tools such as tcpflow, tcpdump, and ethereal perform similar functions, these tools do not fully decode all of the traffic that HTTP can deliver (such as GZIP content encoding).
Version 1.4.3 adds/changes the following:
The demonstration version provides a fully-functional 14-day trial of the software.
Note: As of February 1, 2007 - in what amounted to an employee buyout - Interarchy's lead developer, Matthew Drayton, formed a new company, Nolobe Pty Ltd, and acquired Interarchy. Matthew has been working on Interarchy for six years and has led the development of Interarchy for the last several years. See the press release for more information.
Interarchy, formerly known as Anarchie, is, perhaps, the most popular Mac FTP client - but today it is much more than an FTP tool. One of the most compelling pieces of Mac OS Internet software ever produced, the version 9 series includes the following major new features:
Version 9.0.1 makes the following additional changes:
Version 9.0 is the latest release for Mac OS X 10.4.11 and later. Versions 4.0 through 8.5.4 of Interarchy incorporated the functionality of many older separate Stairways Software products, including MacTCP Watcher, OTSessionWatcher, Daemon, Finger and others. Network traffic watching and packet display were particularly useful tools for Web developers who want to see watch the interactions between servers and browsers. Unfortunately, version 9 eliminates these tools, which is presents a huge step backward in Interarchy's usefulness.
Interarchy has always had some great features, but their unique combination hasn't always made sense to certain people, primarily those who merely sought a simple, straightforward file transfer application. Interarchy has historically been, rather, a power user's FTP client. In recent years, other FTP clients such as Transmit have continued to refine the FTP experience, while Interarchy more or less struggled with what it should be, trying to be all things to all people. Version 7 significantly raised the bar, cleaning up the interface and its various features considerably, with custom views for each bookmark, and with a Finder-like attention to detail. "Tabbed" FTP browsing - identical to the Web browsing breakthrough that people have grown to love in Mozilla, Firefox and Safari - was a welcome addition, as were customizable toolbars, "icon" views, scheduling, and other niceties. The network analysis tools became prettier, and the package began to feel a bit more cohesive. However, versions 8 and later finally make great strides in bringing all of Interarchy's great power to the masses with an intuitive user interface.
Interarchy has always been a tool that every serious Mac Internet user should consider, and today it's a tool that even the less-serious Mac Internet user will feel at home with.
Through February 29, 2008 Interarchy 9 is available at an introductory price of US $39, with a suggested retail price of US $59 effective March 1, 2008. Registered owners of Interarchy 8.5.4 or earlier can upgrade for the discounted price of US $29.
"I'm convinced, after having used [Interarchy] for 1 hour (I've used 2.0.x and 3.0 in the past) that [it] may be the best Internet application ever on any platform. It has an interface that every Mac application should have, fully greyscale-appearance compliant, no modal dialogs or alerts, live, growable scroll bars, Navigation Services, and it works just like the Finder. It can view web sites as a series of links, it can keychain your FTP site passwords, it can perform Sherlock searches, it can slice, dice and julienne. I am no longer placing Fetch on the ISP software site: all our users should now use [Interarchy]."
"I have been a registered user of Anarchie for several years and was more than happy with that product. I have been part of the beta test for Interarchy and have been using the various incarnations for the past three months. Interachy is miles ahead of Anarchie, trust me. This is by far the best FTP client on the market. It is a bit pricey, but considering what you get and what it will do, it is more than worth the money."
"[7.3.2] Back when Interarchy was Anarchie (silly personal bias, but I really liked the old name and dislike the new one) it was my favourite FTP client for quite some time. I loved the ability to perform Archie searches (boy do I miss that, can nothing replace it? Whatever happened to Archie servers?), a lovely user interface and stability. If I could bring back the FTP client I enjoyed back then, Interarchy - despite the silly name - would be my current pick of the bunch. It feels like Stairways Software has lost their way somewhere along the line. I don't want the MS Office of FTP applications. Even Stairways' Kagi hosted web site is a pale image of their old site. It feels like Stairways have lost their groove and it shows in Interarchy."
—Jamie Kahn Genet, 3/10/2005
Submit another review!
Dartware (the nucleus of which is comprised of former programmers from Dartmouth College) produces a heck of a lot of great Mac Internet software, and has some interesting commercial offerings. InterMapper is a an AppleTalk and IP network mapping and management tool that provides powerful Internet mapping and SNMP monitoring.
InterMapper is priced by the number of devices that you monitor. Every piece of network equipment (e.g., each router, switch, hub, etc) counts as a device. The total of the devices being monitored determines the license tier you will need. See the pricing page for more details.
Version 5.3 introduced a number of enhancements:
Version 5.3.2 is primarily a bugfix release.
InterMapper for Mac OS X requires Mac OS X 10.4 or newer. Any computer that can run Mac OS X will easily handle large maps. A minimum of 50 MBytes of disk space is required, although 1 GB or more will allow historical data to be stored. The Mac OS X InterMapper Remote application automatically selects the proper Java VM.
IP Monitor is a very small application that displays your current IP address or subnet mask in a floating window, and allows you to easily copy either of these items to your clipboard for use in applications or documents where it is necessary to make this information known to others. It's AppleScript-able, and very handy. Version 1.3.2 implements access to the Remote Access control panel as well as support for menu sharing under Mac OS X.
"A handy little 'essential' for all of us MIS guys who rely on remote access. The Apple-scriptability is marvelous and trouble-free."
"I wanted to update my web page with an "I am online @ IP xx.xx.xx.xx" [so] I tried IP Monitor. On my '040 Mac it causes system instability. I'm working on tracing down some sort of cure, but if you should hear of others having problems, please post it. It may be a glitch here, not in the software, but the AppleScript works fine and the system stays stable if I don't call IP Monitor."
—Steven M. Palm
Submit another review!
IPNetMonitor is an exceptionally well-written program that currently provides 12 useful, integrated network analysis tools: Test Connectivity (Ping), Traceroute, Name Server Lookup, Whois, Finger, Monitor, TCP Info, Connection List, Address Scan, Subnet Calculator, DHCP Lease, and DHCP Test. Its unique features include asynchronous DNS lookups that make traceroute faster and more consistent, the OT-native Monitor tool, and support for the GURL Apple Event.
Although there's no information regarding what's new in version 2.5.3 (the latest release for Power Macs running OS 9.2 and earlier), version 2.5.2 addressed the following:
The Mac OS X version ("IPNetMonitorX") has been re-written from the ground up in Cocoa using native BSD networking.
Version 2.5 of IPNetMonitorX makes the following changes from version 2.4:
"Lots of easy to use IP test and monitoring features (Ping, TraceRoute, Address Scan, DNS lookup) wrapped in an elegant interface. There's even a scrolling IP traffic monitor window that's Open Transport compatible. You can open multiple windows for most tools and easily keep an eye on several areas of your network at once. This masterpiece has been continually enhanced over the last year and is well worth the $20 shareware fee."
"A first-rate program. As a relative novice struggling with dead and slow connections on the Internet, this has given me a real and rapid education about why and where so I can choose another route instead of just sit waiting and wondering. I like the idea of a date given in the info along with the version number. I was cautious about using this at first because of an "ancient" release note suggesting FreePPP incompatibility. The author calmed my fears (Yes, he was reachable!!! Something uncommon these days of "Internet do-it-yourself help"). The only problem was in installing the program when I chose only the Open Transport option . . . this option needs to be chosen in addition to the program! Chose both and it works like a charm! I'm using System 8 on a PowerMac 6500 with FreePPP and Open Transport 1.2. A must-have. My shareware fee is going in today!"
"I've always wanted to know the IP addy of Windoze ICQ users and now I can! Even if they think that they're IP is HIDDEN!!! Totally awesome and a MUST HAVE!!!"
Submit another review!
Version 2.6c1 (May 28, 2010) is now available for Mac OS X (Cocoa / Universal), adding/changing the following:
More information is available in the release notes.
IPNetRouter is software-based IP router written by Peter Sichel, the author of IPNetMonitor and many other superb Mac OS networking products. IPNetRouter features support of unlimited clients, NAT, DHCP Server, DNS forwarding, Port Mapping, Filtering, and a whole lot more. Although no information is available regarding what's new in version 1.6.9 - the latest release for "Classic" Mac OS - version 1.6.8 added/changed the following:
See the IPNetRouter release notes for more specific information.
On top of the features of the "Classic" version, the Mac OS X version (known as "IPNetRouterX") adds IP masquerading (Network Address and Port Translation with inbound port mapping) a DHCP Server, and AirPort configuration to the IPNetSentryX firewall foundation. As such, it provides in kernel single address space AVL search trees for best in class NAT performance with the maturity of a next generation design based on IPNetRouter classic.
Apart from being made as a Universal Binary for native performance on Intel- and PowerPC-based Macs, version 1.3 of IPNetRouterX added a number of significant new features and fixes that are detailed in the online release notes.
Version 1.4 specifically adds/changes the following:
"IPNetRouter is excellent! Best $50 I've ever spent on shareware. I've been using it for a month to provide Internet access to my LAN of several Macs and PCs via a single IP address and my @Home cable modem. Very stable, great performance and amazingly, doesn't load down the gateway Mac at all. Peter also runs a nice NetTalk mailing list so users can share experiences and support each other."
Submit another review!
The latest in a long line of network monitoring software from Sustainable Softworks, IPNetSentry is a simple and intelligent security application which protects your Macintosh from outside Internet intruders. This is particularly important for Macintosh users who have cable modem, DSL, or another high-speed Internet service where connections can be maintained and left unattended for hours (or days) at a time. Unlike most other Internet security products, IPNetSentry does not erect barriers for the safe use of your Internet connection. There is no need to "punch holes" in a firewall for specific applications you may wish to run. Instead, IPNetSentry silently and intelligently watches for suspicious behavior, and when triggered, invokes a solid filter which completely bans the potential intruder from your Macintosh.
Version 1.4.0 - the latest version for "Classic" Mac OS - makes the following changes:
Version 1.7 - the latest version for Mac OS X - adds/changes the following:
"Smooth running and does a great job catching, then blocking, those nasty hacker wannabe's. IPNetSentry even lets you add custom filters to other ports of entry."
Submit another review!
IPNetShareX (formerly gNAT) is another useful piece of software from Sustainable Softworks, the folks who brought you IPNetMonitor, Tuner, Router and Sentry. From the gNAT home page: "gNAT is a small program designed to give users graphical access to Mac OS X's Network Address Translation (NAT) services without having to use the command line. NAT is a protocol used to share a single internet connection among multiple computers without requiring a dedicated hardware router. gNAT can be used as a Mac OS X alternative to the basic Internet sharing feature of IPNetRouter." Version 1.0c5 adds/changes the following:
Use IPNetShareX Pro if you are a commercial organization and/or you may need technical support with this software. Use IPNetShareX if you will be using IPNetShareX in a non-commercial installation AND you will not require technical suppport. IPNetShareX Pro registration is $25.00 and can be immediately ordered online. IPNetShareX registration keys can be obtained at no charge as described in the included documentation. In both cases, you will need a registration key in order to continue running the software after the initial 21 day trial period. You just need to copy and paste the entire XML key file into the registration edit box and click the Accept button.
IPNetTuner (formerly OT Advanced Tuner) is a control panel application (APPC) that allows you to change TCP/IP parameters under OpenTransport. Everything from adjusting TCP/IP window sizes to aborting keepalives is supported. It's the first utility of its type for the Macintosh, and is evidence itself of the many ways OpenTransport provides the Macintosh with one of the most flexible TCP/IP stacks available on any platform.
Version 1.5.1 (for "Classic" Mac OS) fixes a bug with ARP table which may have overwritten the table causing IPNetTuner to crash, as well as a bug with the Local Target popup menu.
The Mac OS X version, known as IPNetTunerX, supports over 20 adjustable parameters, including the TCP Window Size, Time Out intervals, Maximum Segment Size, and MTU. IPNetTunerX is a completely new implementation in Cocoa for the native BSD networking stack. The BSD stack is not as tuneable as Open Transport, but still supports a number of important parameters. The included sample tuning documents along with the Link Rate and TCP Rate tools make it easier than ever to test performance and verify the effect of network tuning.
Version 1.7 of IPNetTunerX - the first release in nearly two years - adds/changes the following:
IPNetTunerX is a $15 upgrade from the "Classic" version. See the overview page for more information.
From the LFT/WhoB home page:
"LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filter based firewalls. More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What makes LFT unique? Rather than launching UDP probes in an attempt to elicit ICMP "TTL exceeded" from hosts in the path, LFT accomplishes substantively the same effect using TCP SYN or FIN probes. Then, LFT listens for "TTL exceeded" messages, TCP RST (reset), and various other interesting heuristics from firewalls or other gateways in the path. LFT also distinguishes between TCP-based protocols (source and destination), which make its statistics slightly more realistic, and gives a savvy user the ability to trace protocol routes, not just layer-3 (IP) hops.
"WhoB is a no-frills whois client (see whois(1)) designed to provide everything a network engineer needs to know about a routed IP address by typing one line and reading one line. But even so, it's worth typing a few more lines because WhoB can do lots of other cool things for you! It can display the origin-ASN based on the global routing table at that time (according to Prefix WhoIs, RIPE NCC, or Cymru), the 'origin' ASN registered in the RADB (IRR), the netname and orgname, etc. By querying pWhoIs, WhoB can even show you all prefixes being announced by a specific Origin-ASN. WhoB performs the lookups quickly, the output is easily parsed by automated programs, and it's included as part of the Layer Four Traceroute (LFT) software package. LFT uses WhoB as a framework (and you can too, quite easily--see whois.h). Recent LFT releases (as of version 2.5) include WhoB functionality through a standalone "whob" client/command placed in the LFT binary directory."
Please note that these are command-line utilities for Mac OS X (in other words, they do not have a graphical user interface). This combo is one of only a few command-line utilities I include here on the Orchard, but those who need its functionality are likely to be comfortable with the OS X command line, making this (I hope) a non-issue.
Version 2.5 - the latest release available as an executable binary - added/changed the following:
Version 3.1 - the latest release, but available only as source code - includes WhoB 2.0, and adds/changes the following:
Little Snitch is a "Trojan horse" detector for Mac OS X. Trojan horses are programs (or aspects of programs) that make network access behind your back to collect statistics about the use of your computer. Trojan horses can be detected by Little Snitch and prevented from transmitting such data. Some highlights:
Version 2.2.4 - the latest version for Mac OS X 10.4 and later - adds/changes the following:
Version 1.2.4 remains available for Mac OS X 10.2 and Mac OS X 10.3.
Little Snitch functions as a 3-hour, time-limited demo prior to purchase, and quantity discounts are available.
From the MacSniffer home page: MacSniffer is a front end to the built-in 'tcpdump' packet sniffer on Mac OS X. MacSniffer allows you to view all of the traffic on a network connection, such as ethernet. MacSniffer includes a filter editing interface and a filter library to easily construct and reuse packet filters to view a subset of all the traffic on the connection, such as just that destined for a specific host or port. You can choose the level of detail you want captured, from just the minimal packet headers (showing source and destination hosts and ports) up to a full hex and ASCII dump of the packet contents. MacSniffer can be useful for diagnosing many network problems, debugging client/server programs, and scanning for particular network exploits in real time." When released in final form, MacSniffer will be shareware, $15.
namebench is a free open source DNS benchmark utility from Google that searches for the fastest DNS servers available for your computer to use. It's a handy utility for people who find all too often that their Internt experience is marred by "looking up host" delays due to a less-than-responsive set of DNS nameservers.
The software runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized datasets in order to provide an individualized recommendation. namebench is completely free and does not modify your system in any way.
While no information is available regarding what's new in version 1.3.1 (presumably, it's a bugfix release), version 1.3 made the following enhancements:
The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner. Nessus is currently rated among the top products of its type throughout the security industry and is endorsed by professional information security organizations such as the SANS Institute. It is estimated that the Nessus scanner is used by 75,000 organizations world-wide.
Nessus for Mac OS X is not just a port of the Unix server to the Mac environment; it also bundles a native interface to manage the server and the client. The Mac OS X Nessus Client sports the following features:
Nessus 4.2.2 makes the following changes:
The detailed change log has more information.
The Nessus software itself is free, and 7-day delayed access to vulnerability checks is also available for free to all registered users. "Instant" access to these vulnerability checks - as well as full commercial support - is available under a $1,200 annual subscription agreement. See the Nessus registration page for further details.
Note: As of October, 2003, Dartware suspended its efforts to produce a Mac OS X specific version of Net-SNMP. The changes Dartware made to versions 4.2.3 and later to make it work on Mac OS X were incorporated in the production build. The sources on the net-snmp project page now build without problem on Mac OS X. They are available from http://sourceforge.net/project/showfiles.php?group_id=12694.
Net-SNMP for Mac OS X is a Mac OS X version of the open source net-snmp software that makes statistics about a computer available via SNMP. A detailed description of the net-snmp project along with a FAQ and other documentation can be found at the SourceForge site, http://net-snmp.sourceforge.net/. The net-snmp software in this distribution includes an extensible agent, an SNMP library, snmpget, snmpset, snmpwalk and other tools to set or request information from SNMP agents, and tools to generate or handle SNMP traps. The following MIBS are supported in part or in their entirety:
Net-SNMP is released as open-source freeware. net-snmp 5.0 was a significant rewrite and provided many new features, such as allowing Perl scripts to create responses to SNMP queries. The Mac version hasn't seen an official "build" since 2002, but the latest source code is available, and includes instructions for compiling and using under Mac OS X.
Intego, Inc. produces the NetBarrier personal firewall software. Users of version 2.0 or later may update their software by using its built-in update function; users of earlier releases may purchase an upgrade. The "Classic" Mac OS version is no longer available for purchase, although updaters are still available for download (see below).
Version 10.5.6 introduces the following new features:
Net Monitor is an inexpensive shareware application written for Mac OS X (10.1 or later) that graphs network interface throughput in a floating window, the Dock or the Menu Bar. Very simple! As of version 2, the software incorporated the functionality of the previously-separate PPP Monitor application by the same author.
Version 4.5.2 - available for Mac OS X 10.4 and later only - makes the following changes from the previous release (3.9.5 is still available for older Macs):
Net Tool Box is a full set of networking tools for network administrators, software developers and enthusiasts. It can perform all sorts of tasks, from simple DNS resolution to full-blown host interrogation. You can graphically map the location of an IP address, you can traceroute to almost any computer on the Internet, and you can use the terminals to perform protocol analysis and development. Version 3.1 features the following enhancements:
Net Tool Box is a shareware application, approx $35 (£20). It has a 5 minute session timeout, a 3 map-per-session limit and one minute timeouts on NetStat, TrafficWatcher and Packet Watcher sessions. Also, Traffic Watcher can only listen on port 80 (Web) in demo mode.
NoobProof (from the authors of WaterRoof) is a free IPFW firewall front end for Mac OS X 10.4 and 10.5 that is designed to be simpler than WaterRoof (requiring only 5 steps to configure).
Version 1.4 adds/changes the following:
A WaterRoof / NoobProof comparison can help you make a decision about which of these free firewall configuration tools is right for you.
Symantec Corporation produces Norton Personal Firewall for Mac OS 9 and Mac OS X, a software-based firewall product that is based upon Open Door Networks' DoorStop Personal Firewall.
ntop is a free, open source network traffic probe that shows the network usage, similar to what the popular "top" command in UNIX. ntop is based on libpcap. ntop comes with two applications:
ntop users can use a a web browser to navigate through ntop (which acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of a web interface; limited configuration and administration via the web interface; and reduced CPU and memory usage make ntop easy to use and suitable for monitoring various kind of networks.
Version 4.0 - the latest source code release of the software - adds/changes the following:
OTTool is a free utility from Neon Software which provides a synopsis of the AppleTalk and IP configuration parameters within Apple Computer's Open Transport networking architecture. In addition, OTTool allows users on IP networks to make Domain Name Server (DNS) queries, ping devices using ICMP Pings, trace IP routes (UNIX traceroute), scan through ranges of IP addresses asking for resolutions, and to query a DNS for Mail Exchange and System Info. Version 1.2.1 fixed a compatibility issue with OS X 10.1 and added more user interface improvements for OS X 10.1.
"This an excellent little tool that does exactly what it says in a neat, simple, intuitive interface. Ideal for Administrators tracing network problems or simply the curious user. Highly recommended."
Submit another review!
From the PacketStream home page: "PacketStream provides point-and-click activation of the Mac's built-in network monitoring program, which is usually available only from the command line. By clicking a few buttons, you can monitor data as it streams over your network--especially useful for checking web traffic, network bottlenecks, or even suspicious network activity. All network data is displayed in the application itself, and you can save the data to a file for further analysis later."
Version 3.3 adds/changes the following:
The download is a 30-day demo; you can purchase a license to use the program past the 30-day trial period. Mac OS X 10.4 is the minimum supported platform.
Paros is an essential tool for all web application developers and web site security auditors. It is a Java-based HTTP/HTTPS proxy for assessing web application vulnerability, supporting editing/viewing HTTP messages on-the-fly. Features include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections, and more.
Version 3.2.13 adds/changes the following:
See the installation instructions for more information.
sunShield is a preference pane that manages the built-in firewall in Mac OS X (which makes it similar to Flying Butttress / BrickHouse, except that Flying Butttress is a standalone application).
Core features include:
Apart from being released natively for Intel- and PowerPC-based Macs, version 2.0 Pro adds/changes the following:
throttled is a free, open-source bandwidth shaping application for Mac OS X, FreeBSD, and Linux that allows you to put a cap on your upstream bandwidth and keep your download speeds high even when your server is sending out at full speed. Features include:
Version 0.5.1 adds/changes the following:
ThrottledPro is an enhanced, graphical version of the free command-line-driven throttled software. Like its free sibling, it provides bandwidth shaping for Mac OS X that allows you to put a cap on your upstream bandwidth and keep your download speeds high even when your server is sending out at full speed. Features include:
Version 1.5.1 adds/changes the following:
Visualware Inc. produces VisualRoute, a remarkably nice Java-based ping, whois, and traceroute program that automatically analyzes connectivity problems, displaying the results graphically on a world map. When configured as a server, VisualRoute provides visual traceroute services to web browser clients.
Version 14 ("2010") introduced the following new features:
Version 14.0d makes the following additional changes:
Pricing ranges from $49.95 for the "Personal" Edition to $395 for the "SupportPro" Edition. The online purchase page has more details. All Mac users can try the free online version. Highly recommended.
WaterRoof (from the authors of NoobProof) is a free IPFW firewall front end for Mac OS X with a easy interface and many options. Features include dynamic rules, bandwidth management, NAT configuration and port redirection, pre-defined rule sets and a wizard for easy configuration. You can also watch logs and graphic statistics. Rules configurations and network options can be saved and optionally activated at boot time.
A WaterRoof / NoobProof comparison can help you make a decision about which of these free firewall configuration tools is right for you.
Version 3.0 adds/changes the following:
If you're looking into creating a wireless network for your Macintosh, here's a dirty little secret that will save you a great deal of money: Apple's AirPort base station isn't the only wireless access point (WAP) device that AirPort-card-equipped Macintoshes work with. There are many fine 802.11b WAPs available for half the cost of the AirPort base station, and your Mac will work just fine with them, right out of their boxes. You'll find, however, that these devices - by default - come with Wired Equivalent Privacy (WEP) disabled, meaning that data sent between your computer and WAP will be sent in the clear over the airwaves, offering little to no protection from intruders who know how to decipher these signals.
If you want to enable your wireless access point's 40 or 128 bit encryption, you'll probably find an area in its configuration screens that asks you to enter in a series of hexadecimal numbers called a "key." These WEP keys are used by the algorithm that your hardware employs to encrypt your wireless data. They are typically generated by a piece of software. WEP Key Maker is such a piece of software. Download it, enter in some text that tickles your fancy (called a "pass phrase"), and it will generate a 40 bit or 128 bit key you can enter into your WAP's configuration screen.
Once you do this and reboot your WAP, however, you'll note that the next time you try to access your wireless network from your Macintosh, you'll be prompted by the AirPort software to enter a password. Type a dollar sign ($) into the AirPort password field, and then type in (or paste, if you can) the key that WEP Key Maker generated for you, making sure to store this lengthy string of characters in your OS 9 or OS X "keychain" by clicking the corresponding checkbox. Click "OK," and you'll have rejoined your wireless network with encryption fully-enabled.
Apple's AirPort base station makes it unnecessary for end users to deal directly with WEP keys by using a proprietary algorithm to convert passwords to WEP keys on the fly. Fortunately, the "$" prefix trick allows you to use WEP keys instead of these special passwords directly with any AirPort card-equipped Mac, enabling you to hook into just about any standard third-party 802.11b wireless base. While you'll probably only need WEP Key Maker to generate a key for WAP routers that you own or control, remember the "$" trick if you happen to be visiting a company or building that requires encrypted access to its wireless network. Remember, however, that public networks that you are likely to find in hotels or public wireless WANs in large cities typically use no encryption whatsoever, and your AirPort card will detect these and allow you to use them without a password or WEP key of any kind.
WEP Key Maker is the only Macintosh-based WEP key generator that I am aware of, and it's an essential piece of any wireless Mac-head's arsenal of tools. It's not only wonderfully easy to use - it's absolutely free.
Version 1.1 adds/changes the following:
WhatRoute is an OpenTransport-based network analysis application that performs traceroute, ping, dnsquery, finger, whois, address scanning, and more. This program is simple, but it is also truly nice (nice enough so that Apple has made it a standard part of OS 9.1 and later). Version 1.7 - the latest release to significantly alter the feature set - added a tree view plotted of the routes followed that allows comparisons between traces, and routes plotted - where possible - on a world map, a traceroute graph, and a ping distribution window. Version 1.8.11 - for "Classic" Mac OS - is a cleanup of version 1.8.0. The rawrequest application is history and a helper app is included in the WhatRoute bundle.
Version 1.8.18 - the latest Mac OS X release - adds/changes the following:
Upon the release of 1.8.15, the author noted: "I am not sure if there is any real need for WhatRoute now that we a vast range of UNIX tools at our disposal. However, I still receive requests for updates and modifications to the software, so I have resurrected the source and fixed many problems that have been brought to my attention in the last 4 years. I don't expect that I will move the entire application to Universal Binary. To do so requires a major re-write and this would not seem to be justified, given that the initial reason I wrote the software was to solve networking problems on a platform that had no tools at all. Times have changed."
"Wow! WhatRoute is really a handy utility. The added Ping and Query options are fun to play with. And the elusive crash-on-close (it happened to me once) is history with 1.3.1. A perfect 10!"
—Benjamin T. Foster
Submit another review!
version 1.8.18 (Carbon / Partially Universal; for OS X 10.3.9+ only).
version 1.8.14 (Carbon; for OS X prior to 10.4 only).
version 1.8.11 (for OS 9 or later).
the 68K version 1.4.3 (for pre-OS 9 systems).
the PowerPC version 1.4.3 (for pre-OS 9 systems).
the Fat Binary version 1.4.3 (for pre-OS 9 systems).
Whistle Blower (formerly Server Sitter) is a network monitoring utility. It's very easy to use and has a simple but elegant interface. It can perform regular checks of your servers and alert you if any of them fail to respond, and it can send email to you or your pager. It can also react to the failure by performing an action. Server Sitter can launch AppleScripts or other files to respond and can also control up to 4 powerkey modules connected to the machine to force restart a hung server. Version 3.1 - for OS 9 and OS X only - addresses the following:
Open Door Networks produces the Who's There? Firewall Advisor that works in conjunction with Flying Butttress (BrickHouse), DoorStop and Symantec's Norton Personal Firewall for Macintosh. Who's There? 2.0 is a major upgrade, available standalone or as part of the DoorStop X Security Suite.
Who's There? 2.3 adds/changes the following:
Can't find what you're looking for? Try a search:
Also, if you have an older Mac, be sure to check out the "Classic" applications page for more options.
Finally, take a look at ALEMIA if you think you know that name of an application, but aren't quite sure.
For an interesting and objective third-party view of Apple's networking technology - from MacTCP through Open Transport and beywond - Peter Sichel's Sustainable Softworks page is unparalleled.
These are applications that are newer and of potential interest, but which I haven't yet selected for permanent inclusion. Have a look, and let me know if you think they deserve to be part of the permanent collection!