The Mac Orchard - HomeHelpFAQALEMIAForumsDrew's Picks

Network Applications

Apple Broadband Tuner

Home Page License:
Freeware

Current Version: 1.0 (November 29, 2005)

Apple Broadband Tuner is an official "patch" from Apple that tweaks selected network settings on Mac OS X 10.4 to increase the performance of FiOS-based high-speed Internet connections. From the Broadband Tuner home page:

"The Broadband Tuner allows you to take full advantage of very high speed FiOS based Internet connections that have a high latency. The installer tweaks some system parameters.

"There is an optional uninstaller that can be used to restore the settings that were in effect at the time just before the system parameters were changed.

"The installer increases the default values for the size of the TCP send and receive buffers. With larger buffers more data can be in transit at once. A startup configuration file is also updated so that these changes will persist across restarts.

"The system parameters are sysctl variables that are set as follows:

  • net.inet.tcp.sendspace: 131072
  • net.inet.tcp.recvspace: 358400
  • kern.ipc.maxsockbuf: 512000

"This change has a system wide effect and is applied even if the network is not high speed connection with a high latency, with the exception of modem connections for which the system uses small default TCP buffer sizes."

Drew notes: This program, which is written as a series of Perl scripts, does its magic by writing to (or creating, if necessary) your /etc/sysctl.conf file.

Please note that this is for one very specific type of Internet connection (FiOS), and Apple has clarified this since releasing the software on 11/28/2005.

I'd prefer to see Apple release this as (part of) a Preference pane rather than a klunky installer/uninstaller package. I would imagine that Apple plans precisely this (or perhaps an automatic variant) for a future release of Mac OS X.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Berkeley Packet Monitor

Home Page License:
Shareware; $6

Current Version: 1.5 (July 31, 2007)

Berkeley Packet Monitor is a Mac OS X network traffic monitoring and diagnostic utility. It uses the Berkeley Packet Filter devices built into the Mac OS X operating system to log and re-assemble all packets entering and exiting from a specific network interface. The software can be configured to log ICMP, TCP, and UDP packets and will allow you to view the raw data contained in each packet sent or received. If you like the program or use it frequently you may register your copy for $6 at http://www.kagi.com/.

Version 1.5 - the first release since December 2005 - adds/changes the following:

  • Added a built-in "Help Book" with IP header informational references.
  • Universal binary.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


DoorStop X Firewall

Company Page Home Page Release Notes Screen Shots License:
Commercial; $49

Current Version: 2.3 (October 26, 2009)

Open Door Networks produces the DoorStop X software-based firewall, which works with the Who's There? Firewall Advisor software.

Version 2.3 adds/changes the following:

  • Snow Leopard support. Version 2.3 of the products provides full Snow Leopard support, including details and advice regarding Snow Leopard-specific issues. Also bug fixes.
  • iPhone support. Version 2.3 of the products includes information and advice specific to the iPhone and its integration with the Macintosh. The book, newly renamed to include "iPhone" in the title, now has a whole chapter devoted to the iPhone and iPod touch, plus iPhone details throughout.
  • Twitter stream. Security issues change so quickly these days, sometimes a blog isn't even fast enough. So, with 2.3 we've added a Twitter stream too, and integrated it with the products through a new "News" menu. Look for real-time links to evolving Mac and iPhone Internet security issues here.
  • Other enhancements. 2.3 products include a number of other enhancements, such as non-admin user support for the DoorStop X firewall, a much improved geo-location service for the Who's There? Firewall Advisor and information and advice on many new security issues.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Firewall Builder

Home Page Release Notes Screen Shots License:
Shareware; $79.00

Current Version: 2.1.19 (May 20, 2008) / 4.0.1 (June 4, 2010)

Firewall Builder is multi-platform firewall configuration and management tool. It consists of a GUI and set of policy compilers for various firewall platforms. Firewall Builder uses object-oriented approach, it helps administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations. Firewall Builder currently supports iptables, ipfilter, OpenBSD PF and Cisco PIX.

Being truly vendor-neutral, Firewall Builder can generate configuration file for any supported target firewall platform from the same policy created in its GUI. This provides for both consistent policy management solution for heterogeneous environments and possible migration path.

Version 4.0.0 added/changed the following:

  • "Single rule compile"
  • Changes and improvements in the GUI
  • Password caching in built-in installer
  • Customazable templates ("configlets")
  • Changes in the structure of generated Linux firewall script
  • Support for high availability firewall configurations
  • Support for OpenWRT
  • Branching rules in NAT
  • Incremental management of IP addresses, VLAN, bridge and bonding interface configuration
  • Built-in installer is much faster when working with Cisco routers and ASA (PIX) firewalls
  • Using EEM for automatic rollback of the configuration changes with Cisco routers
  • Automatic generation of "mirrored" rules for Cisco routers

Version 4.0.1 introduces a huge number of additional bugfixes, which are detailed in the online release notes.

The download packages work in evaluation mode for 30 days and can be unlocked with a license file. Please note: Mac OS X packages are built on Intel-based Mac running Leopard. The author has been having difficulties building universal packages with QT so these will not work on PowerPC Macs, so the old PowerPC version (2.1.19) remains available.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Flying Buttress

Home Page Release Notes License:
Shareware; $25

Current Version: 1.4 (January 2, 2006)

Please note: Flying Buttress was formerly known as BrickHouse.

From the Flying Buttress home page:

"Flying Buttress is designed to make using the network firewall built in to Mac OS X quick and easy. By using Flying Buttress to enable your computer's firewall, you can help prevent unauthorized villains from gaining access to your computer via your internet connection, and from performing network attacks.

"While Mac OS X is fairly secure as installed, it also includes a powerful network traffic filter or firewall that can both prevent break-in attempts and keep your computer from being used in attack on another computer. Unfortunately, the default installation leaves it wide open, and you must manually 'add rules' or filters using a command line tool called ipfw. You need to use Terminal.app to do this. My mom isn't going to be able to do this.

"That's where Flying Buttress comes in. Flying Buttress provides a simple and easy interface to setting and activating your firewall's filters. It also includes a firewall monitor window to allow you to see how often each filter is used. Filter settings can be saved and switched quickly, and imported and exported to and from disk. Settings can be created by knowledgeable users and admins, and distributed to others to disable specific or recently discovered attack techniques."

Version 1.4 adds/changes the following:

  • Changed name to Flying Buttress.
  • Fixed startup item issue under 10.3.9 or higher.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


HenWen

Home Page Release Notes License:
Open source; $0

Current Version: 2.1.2 (June 21, 2005)

HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary. Features include:

  • Includes a precompiled Snort binary for Mac OS X (minor change made to source, see the included Changed Source directory for details)
  • Drag and drop installation (no installer or uninstaller necessary)
  • Supports all major Snort preprocessor and output plugins
  • Supports all Snort rules that are current at the time of this writing
  • Supports configuring all current Snort rule variables
  • Supports direct logging to MySQL databases
  • Supports ODBC database logging (for PostgreSQL, Oracle, MS SQL Server, and more)
  • Supports auto-blocking
  • Can update Snort rules over the network
  • Can set up Snort to run at system startup
  • Supports modem and broadband network connections
  • Runs on HFS+, UFS, AFP, and NFS volumes (SMB and other volume types should work as well, but they haven't been tested)
  • Available in English, German, and Italian (in the same package)
  • And more...

Version 2.1.2 adds/changes the following:

  • Restored compatibility with Mac OS X 10.2.x.
  • Fixed a problem which made it impossible to edit variables and rules under Mac OS X 10.4.x.
  • The "Launch Snort as a startup item" menu item works again under Mac OS X 10.4.x.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Hostal

Home Page License:
Shareware; $9.99

Current Version: 1.4.5 (January 13, 2009)

One of the questions I am asked most frequently is: "How do I set up a 'Hosts' file on my Macintosh?" Usually, I point people to Apple's reference pages (Mac OS X and Classic Mac OS) on the topic. However, the folks at Lazy Mountain Software have written a simple shareware application that allows much easier configuration of your machine's Hosts file, should you require one. Hostal supports both host mapping and host blocking, as well as "Time to Live" to prevent stale host mappings. For users on a network, Hostal detects an existing Hosts file and incorporates those settings as well. If manual configuration of your Hosts file gives you headaches, be sure to give Hostal a try. A Windows version is also available.

Version 1.4.5 makes undocumented changes from version 1.4.4; version 1.4 was the first "Universal Binary" release of Hostal, for native performance on both PowerPC- and Intel-based Macs.

User Reviews

"Since putting my most frequently used IPs in a 'Hosts' file with Hostal, my web browsing has been faster. However, despite some considerable playing I have not yet been able to get DHCP to function with Hostal's default settings. Here are a few tips: ONE - Set the "large system font" to Chicago particularly if using OS 9.1; TWO - Turn off Hostal filters initially to reduce memory use."
—Neville Hillyer

Submit another review!


HTTP Scoop

Company Page Home Page Release Notes Screen Shots License:
Commercial; £10

Current Version: 1.4.3 (November 16, 2009)

Tuffcode Limited produces HTTP Scoop, an HTML traffic analyzer/packet sniffer that makes it easy for developers and others to easily analyze client-server communication and diagnose scripts and web applications by observing the actual traffic running between the web browser and web server.

HTTP Scoop provides functionality similar to the network analysis tools included with Interarchy, but it is specifically dedicated to monitoring HTTP traffic (rather than all TCP/IP traffic), and includes specialized features (such as HTML and XML syntax highlighting) that are in tune with this philosophy. For example, while command line tools such as tcpflow, tcpdump, and ethereal perform similar functions, these tools do not fully decode all of the traffic that HTTP can deliver (such as GZIP content encoding).

Version 1.4.3 adds/changes the following:

  • German localisation.
  • Enter key shortcut now works on Snow Leopard to bring up detail window.
  • Fix for bug where requests left hanging in 'Receiving' state even though complete (whilst TCP connections kept alive for 1xx, 204 and 304 response codes or HEAD requests).
  • Fixed occasional failure to update hex view when a new packet selected in TCP/IP tab.

The demonstration version provides a fully-functional 14-day trial of the software.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Interarchy

Home Page Release Notes Screen Shots License:
Shareware; $59

Current Version: 6.3 (February 10, 2004) / 7.3.3 (April 14, 2005) / 8.5.4 (October 29, 2007) / 9.0.1 (April 15, 2008)

Note: As of February 1, 2007 - in what amounted to an employee buyout - Interarchy's lead developer, Matthew Drayton, formed a new company, Nolobe Pty Ltd, and acquired Interarchy. Matthew has been working on Interarchy for six years and has led the development of Interarchy for the last several years. See the press release for more information.

Interarchy, formerly known as Anarchie, is, perhaps, the most popular Mac FTP client - but today it is much more than an FTP tool. One of the most compelling pieces of Mac OS Internet software ever produced, the version 9 series includes the following major new features:

  • Interarchy now supports a new SSH-based transfer protocol. It should work with any server that supports SSH and has perl v4 or later installed. (Basically, any server that has SSH installed.) SSH has a number of advantages over SFTP. For one it is a lot faster when transferring listings. This means mirrors should take a lot less time to complete. Our internal testing has shown dramatic speed improvements for moderately sized websites; seconds versus minutes.
  • Interarchy's view model has been re-written to support drag-reordering of tabs. Along with being able to reorder tabs in the owning window, you can also drag tabs to a new window.
  • Added "Move Tab to New Window" and "Merge All Windows" commands to the Window menu to help work you work with tabs. Most windows - bookmarks, listings, history, etc - can now be placed in a tab.
  • Interarchy now has much improved resolution independence support. If Apple ever get their act together and finish Mac OS X's resolution independence support Interarchy should be ready.
  • Interarchy adds a Side Bar to listing windows. It behaves much like the Finder's Side Bar.
  • Interarchy's listing windows now have a Path Bar which displays the path of the selected file. It behaves much like the Finder's Path Bar but with some improvements.
  • Interarchy now supports workspaces. See the Window | Workspaces submenu. Workspaces allow you to more easily focus on a task.
  • Cleaned up the behavior of the old "Connect to Server..." window.
  • The Transfers window has been redesigned. It is now a lot smaller and less obnoxious when trying to come to the front.
  • The Interarchy Contextual menu has been much improved.
  • Added support for copy-and-pasting files/folders.
  • Added support for PathFinder. See the File Manager pop-up menu in the Preferences window.
  • You can now control what happens when you press the Return or Enter key in a listing window. Instead of renaming the selected object you can opt to open it instead.
  • You can now specify what should happen when a file exists.
  • By default Interarchy will now download files to the Downloads folder. You can change this in the Transfers pane of the Preferences window.
  • Interarchy will now reopen your last session at startup restoring any open connections. You can turn this off via the "Reopen Last Session At Startup" checkbox in the General preference pane.
  • You can now access your entire history via the History menu.
  • Added a preference to control when history entries are removed. See the General preference pane of the Preferences window.
  • You can now set the default FTP application in the Preferences window.
  • Moved the Upload Permissions settings to the Preferences window. See the Permissions preference pane.
  • Moved much of the Listing menu to the File menu to be more in keeping with other modern applications.
  • Along with being able to copy an items URL, you can now copy an items Public URL. See Edit | Copy URL and Edit | Copy Public URL.
  • Interarchy requires a mapping from the private URL and the public URL. The first time you select "Copy Public URL" you will be asked for this mapping.
  • To edit an existing mapping hold down the Option key while selecting "Copy Public URL".
  • You can now copy the path of an item. Hold down the Option key while selecting Copy.
  • Added a "Preview in Safari" command. This uses the same private/public mapping mechanism as Copy Public URL.
  • Edit With is no longer limited to applications that support the ODBE suite. You should be able to use any application.
  • Interarchy no longer uses it own internal file mapping database. Instead it uses the system Launch Services database. If you use the Finder to change a file mapping it should be reflected in Interarchy.
  • Added an Edit With submenu that allows you to edit a file with any application on your Mac that claims to support it. Much like the Finder's "Open With" submenu.
  • You can now creating new remote files from local templates. Particularly useful is the "New From Template | Text | From Clipboard...".
  • Interarchy now performs application updates by way of Sparkle.

Version 9.0.1 makes the following additional changes:

  • Added the ability to set a definitive editor for all file types. See the "Editor" popup menu in the Helpers Preference Pane.
  • You can now change an editor for a file type from inside Interarchy. No more having to switch to the Finder. See the Get Info window and the Always Edit With menu (hold down the Option key).
  • You can now set the editor for a file type such that it only applies to Interarchy. This is quite useful if you want .html files to open in Safari and edit with BBEdit.
  • Interarchy is now much smarter about how it populates the "Edit With" menu.
  • Much improved stability on Mac OS X 10.4.11 and earlier.
  • Fixed up a crash that might occur when changing the protocol in the "New Connection..." window.
  • Fixed a bug that may have prevented the double-click action for a particular file type from working. See the Get Info window.
  • The Edit toolbar item should now activate/deactivate correctly.
  • Fixed a crash that might occur when adding a folder to the Bookmarks Bar.
  • Removed the support for spell checking. This should prevent crashes that result from dodgy dictionaries installed by 3rd party applications.
  • Interarchy is now registering for the bbftp: and bbsftp: protocols.
  • Fixed an issue that prevented the chasing arrows in the Get Info window/inspector from being drawn properly.
  • Fixed a crash that may occur if you dragged-and-dropped a tab onto the sidebar.
  • Adjusted the minimum size of the Transfers window so that you can resize it to the height of one entry.
  • Fixed a crash that would occur if your closed a queue while it was running.
  • Fixed a crash that may occur when text is appended to the Transcript.
  • Fixed a crash that may occur if you deleted an object and then closed the owning window before the delete was complete.
  • Added a preferences to auto-hide/show the Transfers window. See the "Auto Show/Hide Transfers Window" checkbox in the Transfers Preferences Pane.
  • Improved the window titles displayed in the Window menu.
  • Return/Enter key mapping now works in icon and column views.
  • Interarchy will now remember the name given to a new Bookmark in the "Add Bookmark..." sheet.
  • Fixed a bug that would cause the SSH protocol to think a file existed when it didn't.
  • Find should now work.
  • The Cancel button in the "URL Mapping Not Found" dialogue (Copy Public URL) now works with multiple items.
  • Updated the AppleScript Edit With command to use the editors bundle identifier.
  • Fixed a bug that may have prevented drag-and-drop from working in the Side Bar.
  • Interarchy now displays localised names in the Side Bar.
  • Fixed a crash that might occur in when displaying the Interarchy Contextual Menu. Use the "Install Interarchy Contextual Menu" button in the Advanced Preference Pane to install the new version.
  • Fixed a conflict between the keyboard shortcut for "Preview in Safari" and "Show All Bookmarks..." menu items. "Preview in Safari" is now Command-Control-P to match BBEdit. "Show All Bookmarks..." remains Command-Option-B.
  • Updated the green, red and grey blips (Net Disks, Queues, etc) to include higher resolution images. Yah resolution independence! Hopefully one day we will see you.
  • Reduced the size of buttons bar in Net Disks and Queue views.
  • Added a preference to post process downloads. See the "Post process downloads" checkbox in the Transfer Preference Pane.
  • Copy-and-pasting remote files should now behave correctly. It will copy instead of move.
  • The little arrows in the schedule sheet should now work properly.
  • If no protocol is given when entering a url into the address text field the value of the "Preferred protocol" popup menu in the General Preference Pane is now used.
  • You can once again set a source folder for Net Disks. Especially useful if you want a Net Disk to live on a volume other than the boot volume.
  • If you double-click in the background of the Tab Bar a new tab will be created.
  • The SSH protocol will correctly follow symbolic links when downloading a file.
  • If you create a new tab the address text field will once again auto-populate with the target url from the previous tab.
  • Improved the initial window size when you first run Interarchy.
  • Fixed up the copyright text in the About Window.
  • Properly observe the "New windows and tabs open with" popup menu value (see the General Preference Pane) when creating new tabs.
  • Set the default value for the "New windows and tabs open with" popup menu value (see the General Preference Pane) to "New Connection".
  • Improved the reliability of setting permissions via SSH.
  • Interarchy will now properly filter out keyboard modifiers if a menu command is invoked by it's keyboard shortcut.
  • Improved the behaviour of spatial browsing.
  • Added a Show/Hide Status Bar menu item.

Version 9.0 is the latest release for Mac OS X 10.4.11 and later. Versions 4.0 through 8.5.4 of Interarchy incorporated the functionality of many older separate Stairways Software products, including MacTCP Watcher, OTSessionWatcher, Daemon, Finger and others. Network traffic watching and packet display were particularly useful tools for Web developers who want to see watch the interactions between servers and browsers. Unfortunately, version 9 eliminates these tools, which is presents a huge step backward in Interarchy's usefulness.

Interarchy has always had some great features, but their unique combination hasn't always made sense to certain people, primarily those who merely sought a simple, straightforward file transfer application. Interarchy has historically been, rather, a power user's FTP client. In recent years, other FTP clients such as Transmit have continued to refine the FTP experience, while Interarchy more or less struggled with what it should be, trying to be all things to all people. Version 7 significantly raised the bar, cleaning up the interface and its various features considerably, with custom views for each bookmark, and with a Finder-like attention to detail. "Tabbed" FTP browsing - identical to the Web browsing breakthrough that people have grown to love in Mozilla, Firefox and Safari - was a welcome addition, as were customizable toolbars, "icon" views, scheduling, and other niceties. The network analysis tools became prettier, and the package began to feel a bit more cohesive. However, versions 8 and later finally make great strides in bringing all of Interarchy's great power to the masses with an intuitive user interface.

Interarchy has always been a tool that every serious Mac Internet user should consider, and today it's a tool that even the less-serious Mac Internet user will feel at home with.

Through February 29, 2008 Interarchy 9 is available at an introductory price of US $39, with a suggested retail price of US $59 effective March 1, 2008. Registered owners of Interarchy 8.5.4 or earlier can upgrade for the discounted price of US $29.

User Reviews

"I'm convinced, after having used [Interarchy] for 1 hour (I've used 2.0.x and 3.0 in the past) that [it] may be the best Internet application ever on any platform. It has an interface that every Mac application should have, fully greyscale-appearance compliant, no modal dialogs or alerts, live, growable scroll bars, Navigation Services, and it works just like the Finder. It can view web sites as a series of links, it can keychain your FTP site passwords, it can perform Sherlock searches, it can slice, dice and julienne. I am no longer placing Fetch on the ISP software site: all our users should now use [Interarchy]."
—Charlie Saeger

"I have been a registered user of Anarchie for several years and was more than happy with that product. I have been part of the beta test for Interarchy and have been using the various incarnations for the past three months. Interachy is miles ahead of Anarchie, trust me. This is by far the best FTP client on the market. It is a bit pricey, but considering what you get and what it will do, it is more than worth the money."
—Jerry Garrison

"[7.3.2] Back when Interarchy was Anarchie (silly personal bias, but I really liked the old name and dislike the new one) it was my favourite FTP client for quite some time. I loved the ability to perform Archie searches (boy do I miss that, can nothing replace it? Whatever happened to Archie servers?), a lovely user interface and stability. If I could bring back the FTP client I enjoyed back then, Interarchy - despite the silly name - would be my current pick of the bunch. It feels like Stairways Software has lost their way somewhere along the line. I don't want the MS Office of FTP applications. Even Stairways' Kagi hosted web site is a pale image of their old site. It feels like Stairways have lost their groove and it shows in Interarchy."
—Jamie Kahn Genet, 3/10/2005

Submit another review!


InterMapper

Company Page Home Page Release Notes Screen Shots License:
Commercial; See text.

Current Version: 5.3.2 (July 20, 2010)

Dartware (the nucleus of which is comprised of former programmers from Dartmouth College) produces a heck of a lot of great Mac Internet software, and has some interesting commercial offerings. InterMapper is a an AppleTalk and IP network mapping and management tool that provides powerful Internet mapping and SNMP monitoring.

InterMapper is priced by the number of devices that you monitor. Every piece of network equipment (e.g., each router, switch, hub, etc) counts as a device. The total of the devices being monitored determines the license tier you will need. See the pricing page for more details.

Version 5.3 introduced a number of enhancements:

  • Better performance when handling maps with many hidden interfaces: The way we handle maps with thousands or tens of thousands of interfaces has been revamped to be much faster and crisper. These maps used to take many minutes to open; they should now be nearly instantaneous, and they should be much more responsive once open.
  • More powerful interfaces window: The interfaces window is now modeless, which means that you may have multiple such windows open at the same time, and that you may still work with your maps while the windows are open. In addition, the windows are updated at each polling interval so that the data is now live, rather than static. You can now acknowledge and unacknowledge interfaces and can toggle "Allow Periodic Reprobe" behavior from the interfaces window.
  • Many behind-the-scenes improvements in exporting to the InterMapper Database and InterMapper DataCenter: We have made many behind-the-scenes changes to the way InterMapper exports data to the InterMapper Database to improve performance and reliability, especially to prevent the act of exporting from affecting the primary monitoring function of InterMapper. We have also made changes to InterMapper DataCenter to improve performance and reliability.
  • Localization: InterMapper is now available in languages other than English. Please check with sales@dartware.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it to see what languages are currently supported. If translations other than English are available, InterMapper and InterMapper RemoteAccess preferences contain a Language Options panel from which you can choose the language you want to use in the user interface. In InterMapper Datacenter, the first-start wizard includes a locale chooser, with a corresponding chooser on the Settings page.

Version 5.3.2 is primarily a bugfix release.

InterMapper for Mac OS X requires Mac OS X 10.4 or newer. Any computer that can run Mac OS X will easily handle large maps. A minimum of 50 MBytes of disk space is required, although 1 GB or more will allow historical data to be stored. The Mac OS X InterMapper Remote application automatically selects the proper Java VM.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


IP Monitor

Home Page License:
Shareware; $5

Current Version: 1.3.2

IP Monitor is a very small application that displays your current IP address or subnet mask in a floating window, and allows you to easily copy either of these items to your clipboard for use in applications or documents where it is necessary to make this information known to others. It's AppleScript-able, and very handy. Version 1.3.2 implements access to the Remote Access control panel as well as support for menu sharing under Mac OS X.

User Reviews

"A handy little 'essential' for all of us MIS guys who rely on remote access. The Apple-scriptability is marvelous and trouble-free."
—Anthony Vincent

"I wanted to update my web page with an "I am online @ IP xx.xx.xx.xx" [so] I tried IP Monitor. On my '040 Mac it causes system instability. I'm working on tracing down some sort of cure, but if you should hear of others having problems, please post it. It may be a glitch here, not in the software, but the AppleScript works fine and the system stays stable if I don't call IP Monitor."
—Steven M. Palm

Submit another review!


IPNetMonitor

Home Page Release Notes License:
Shareware; see site

Current Version: 2.2.1 (January 30, 1999) / 2.5.3 (July 19, 2004) / 2.5 (April 21, 2010)

IPNetMonitor is an exceptionally well-written program that currently provides 12 useful, integrated network analysis tools: Test Connectivity (Ping), Traceroute, Name Server Lookup, Whois, Finger, Monitor, TCP Info, Connection List, Address Scan, Subnet Calculator, DHCP Lease, and DHCP Test. Its unique features include asynchronous DNS lookups that make traceroute faster and more consistent, the OT-native Monitor tool, and support for the GURL Apple Event.

Although there's no information regarding what's new in version 2.5.3 (the latest release for Power Macs running OS 9.2 and earlier), version 2.5.2 addressed the following:

  • NSLookup: add support for displaying TXT records.
  • TraceRoute, PortScan: log any errors during copy and paste from table.
  • DHCP Test: use specified request address for "DHCP Release" if limit is one.
  • DHCP Test: cache Ethernet HW address so we don't try to quit while getting the address from an Ethernet driver.
  • Whois: update default list of Whois servers.

The Mac OS X version ("IPNetMonitorX") has been re-written from the ground up in Cocoa using native BSD networking.

Version 2.5 of IPNetMonitorX makes the following changes from version 2.4:

  • Startup: wait for network to become available when launched as login item.
  • Startup: restore multiple instance fields correctly when tools are running.
  • DNS Query: added query type SPF;
  • Fix bug: Server Scan Export changing visible action.
  • Fix screen drawing bug in Interface Info tool.
  • Build as 32-bit Universal pending further testing.
  • Remove old registration data from /L/AS/Sustainable Softworks/IPNetMonitorKey when writing new data.
  • Connection List: improve update when host is slow to respond.
  • DHCP Test: allow selecting UDP broadcast for VMWare compatibility ("defaults write com.sustworks.IPNetMonitorX udpBroadcast 1").
  • Prepare Disk Image on 10.5 to preserve background image.
  • Change system requirements to Mac OS X 10.5 or later.
  • Fixed AirPort Signal tool to work on Snow Leopard.
  • DHCP Test - allow setting client hardware address.
  • Remove old registration data from ~/L/AS/Sustainable Softworks/IPNetMonitorKey when writing new data.
  • Fix Connection List to work on Snow Leopard

User Reviews

"Lots of easy to use IP test and monitoring features (Ping, TraceRoute, Address Scan, DNS lookup) wrapped in an elegant interface. There's even a scrolling IP traffic monitor window that's Open Transport compatible. You can open multiple windows for most tools and easily keep an eye on several areas of your network at once. This masterpiece has been continually enhanced over the last year and is well worth the $20 shareware fee."
—Joe Huber

"A first-rate program. As a relative novice struggling with dead and slow connections on the Internet, this has given me a real and rapid education about why and where so I can choose another route instead of just sit waiting and wondering. I like the idea of a date given in the info along with the version number. I was cautious about using this at first because of an "ancient" release note suggesting FreePPP incompatibility. The author calmed my fears (Yes, he was reachable!!! Something uncommon these days of "Internet do-it-yourself help"). The only problem was in installing the program when I chose only the Open Transport option . . . this option needs to be chosen in addition to the program! Chose both and it works like a charm! I'm using System 8 on a PowerMac 6500 with FreePPP and Open Transport 1.2. A must-have. My shareware fee is going in today!"
—Art Giebel

"I've always wanted to know the IP addy of Windoze ICQ users and now I can! Even if they think that they're IP is HIDDEN!!! Totally awesome and a MUST HAVE!!!"
—Jayce Smith

Submit another review!

Download the 680x0 version (2.2.1).
Download the PowerMac version (2.5.3).
Download the Mac OS X 10.4+ (Cocoa / Universal) version (2.5).

Beta:
Version 2.6c1 (May 28, 2010) is now available for Mac OS X (Cocoa / Universal), adding/changing the following:

  • Server Scan: use Scripting Bridge to send Email notifications using Mail.app .
  • Server Scan: added "Shell Sript" action with parameters (location, result).
  • DHCP Test: log timed out responses.
  • Port Scan: update stealth scan (SYN, FIN,...) for Snow Leopard.
  • Build monitor NKE as 32/64-bit Universal.

More information is available in the release notes.


IPNetRouter

Home Page Release Notes License:
Shareware; $100

Current Version: 1.5.4 (March 13, 2001) / 1.6.9 (May 28, 2003) / 1.4 (May 29, 2009)

IPNetRouter is software-based IP router written by Peter Sichel, the author of IPNetMonitor and many other superb Mac OS networking products. IPNetRouter features support of unlimited clients, NAT, DHCP Server, DNS forwarding, Port Mapping, Filtering, and a whole lot more. Although no information is available regarding what's new in version 1.6.9 - the latest release for "Classic" Mac OS - version 1.6.8 added/changed the following:

  • Fixed bug which could cause IPNetRouter to crash when manually disconnecting a PPP connection.

See the IPNetRouter release notes for more specific information.

On top of the features of the "Classic" version, the Mac OS X version (known as "IPNetRouterX") adds IP masquerading (Network Address and Port Translation with inbound port mapping) a DHCP Server, and AirPort configuration to the IPNetSentryX firewall foundation. As such, it provides in kernel single address space AVL search trees for best in class NAT performance with the maturity of a next generation design based on IPNetRouter classic.

Apart from being made as a Universal Binary for native performance on Intel- and PowerPC-based Macs, version 1.3 of IPNetRouterX added a number of significant new features and fixes that are detailed in the online release notes.

Version 1.4 specifically adds/changes the following:

  • First Run Install: pause after copy phase to allow time for file system to stabilize.
  • First Run Install: changed to work the same for non-admin accounts.
  • ICMP: self repair ICMP server connection if it dies unexpectedly.
  • Fixed obscure memory leaks found using Apple's Clang tool.
  • Fixed possible kernel panic when enable transparent proxy to a local server on the gateway.
  • DHCP Server: convert log messages to use \r\n instead of \r as line separator for better SMTP compatibility.
  • Fix Ethernet bridging to configure promiscous mode correctly.
  • Don't load balance packets that have already been redirected using "RouteTo" filter action.
  • Allow "Source Aware Active Open" by checking if a previous connection arrived from the same host.
  • Application launch - skip asking for upgrade if there is a valid upgrade key in the pasteboard.
  • Upgrade - ask user to authenticate to remove old key if necessary when upgrading, so upgrade will override any previous key even if not writable by the currently logged in user.
  • Fix checking for idle time to handle equal comparisons correctly.
  • DHCP Server: fix to recognize messages from Relay Agent that match a Lease Options record.
  • DHCP Server: do not stop server when application quits since it might be running from another instance.
  • Avoid repeated first run install alerts by not trying to install admin only tools when run from non-admin account.
  • Fix possible bug in updating Security Log save to disk interval.
  • Reorganized demo startup to be more consistent and support paid upgrades.
  • Fix possible timing conflict when replacing and authorizing helper tools.
  • DHCP Server: fix to recognize DHCP Requests to a static config address whose lease binding has expired.
  • DHCP Server: fix to accept DHCP Requests from a host that already has the requested IP address when the server has no previous record of that lease binding.
  • Restructure project files to use Subversion based revision control.
  • System Requirements are now 10.4 or later.
  • Note this version may require a paid upgrade.

User Reviews

"IPNetRouter is excellent! Best $50 I've ever spent on shareware. I've been using it for a month to provide Internet access to my LAN of several Macs and PCs via a single IP address and my @Home cable modem. Very stable, great performance and amazingly, doesn't load down the gateway Mac at all. Peter also runs a nice NetTalk mailing list so users can share experiences and support each other."
—Joe Huber

Submit another review!


IPNetSentry

Home Page Release Notes License:
Shareware; see site

Current Version: 1.4.0 (March 9, 2004) / 1.7 (May 29, 2009)

The latest in a long line of network monitoring software from Sustainable Softworks, IPNetSentry is a simple and intelligent security application which protects your Macintosh from outside Internet intruders. This is particularly important for Macintosh users who have cable modem, DSL, or another high-speed Internet service where connections can be maintained and left unattended for hours (or days) at a time. Unlike most other Internet security products, IPNetSentry does not erect barriers for the safe use of your Internet connection. There is no need to "punch holes" in a firewall for specific applications you may wish to run. Instead, IPNetSentry silently and intelligently watches for suspicious behavior, and when triggered, invokes a solid filter which completely bans the potential intruder from your Macintosh.

Version 1.4.0 - the latest version for "Classic" Mac OS - makes the following changes:

  • Added payload inspection support for a second version of the SSLammer worm. This worm is a direct attack on TCP Port 443 and can be a problem for Web* and other servers which are running SSL services.

Version 1.7 - the latest version for Mac OS X - adds/changes the following:

  • First Run Install: pause after copy phase to allow time for file system to stabilize.
  • First Run Install: changed to work the same for non-admin accounts.
  • Increase filter table size to 1000 entries.
  • ICMP: self repair ICMP server connection if it dies unexpectedly.
  • Fixed obscure memory leaks found using Apple's Clang tool.
  • Fix checking for idle time to handle equal comparisons correctly.
  • Avoid repeated first run install alerts by not trying to install admin only tools when run from non-admin account.
  • Fix possible bug in updating Security Log save to disk interval.
  • Fix possible timing conflict when replacing and authorizing tools.
  • Reorganized demo startup to be more consistent and support paid upgrades.
  • Restructure project files to use Subversion based revision control.
  • Fix Ethernet bridging to configure promiscous mode correctly.
  • Application launch - skip asking for upgrade if there is a valid upgrade key in the pasteboard.
  • Upgrade - ask user to authenticate to remove old key if necessary when upgrading, so upgrade will override any previous key even if not writable by the currently logged in user.
  • System Requirements are now 10.4 or later.
  • Release as version 1.7

See the IPNetSentry release notes ("Classic" and Mac OS X) for more information.

User Reviews

"Smooth running and does a great job catching, then blocking, those nasty hacker wannabe's. IPNetSentry even lets you add custom filters to other ports of entry."
—Steve Worth

Submit another review!


IPNetShareX

Home Page Release Notes License:
Shareware; see site

Current Version: 1.0c5 (June 2, 2005)

IPNetShareX (formerly gNAT) is another useful piece of software from Sustainable Softworks, the folks who brought you IPNetMonitor, Tuner, Router and Sentry. From the gNAT home page: "gNAT is a small program designed to give users graphical access to Mac OS X's Network Address Translation (NAT) services without having to use the command line. NAT is a protocol used to share a single internet connection among multiple computers without requiring a dedicated hardware router. gNAT can be used as a Mac OS X alternative to the basic Internet sharing feature of IPNetRouter." Version 1.0c5 adds/changes the following:

  • Fix load_install script to work properly on Tiger.

Use IPNetShareX Pro if you are a commercial organization and/or you may need technical support with this software. Use IPNetShareX if you will be using IPNetShareX in a non-commercial installation AND you will not require technical suppport. IPNetShareX Pro registration is $25.00 and can be immediately ordered online. IPNetShareX registration keys can be obtained at no charge as described in the included documentation. In both cases, you will need a registration key in order to continue running the software after the initial 21 day trial period. You just need to copy and paste the entire XML key file into the registration edit box and click the Accept button.

User Reviews

Currently, no user reviews have been submitted. Send me yours!

Download the standard Mac OS X (Cocoa) version.
Download the "Pro" Mac OS X (Cocoa) version.


IPNetTuner

Home Page Release Notes License:
Shareware; $30

Current Version: 1.5.1 (March 22, 2002) / 1.7 (April 5, 2010)

IPNetTuner (formerly OT Advanced Tuner) is a control panel application (APPC) that allows you to change TCP/IP parameters under OpenTransport. Everything from adjusting TCP/IP window sizes to aborting keepalives is supported. It's the first utility of its type for the Macintosh, and is evidence itself of the many ways OpenTransport provides the Macintosh with one of the most flexible TCP/IP stacks available on any platform.

Version 1.5.1 (for "Classic" Mac OS) fixes a bug with ARP table which may have overwritten the table causing IPNetTuner to crash, as well as a bug with the Local Target popup menu.

The Mac OS X version, known as IPNetTunerX, supports over 20 adjustable parameters, including the TCP Window Size, Time Out intervals, Maximum Segment Size, and MTU. IPNetTunerX is a completely new implementation in Cocoa for the native BSD networking stack. The BSD stack is not as tuneable as Open Transport, but still supports a number of important parameters. The included sample tuning documents along with the Link Rate and TCP Rate tools make it easier than ever to test performance and verify the effect of network tuning.

Version 1.7 of IPNetTunerX - the first release in nearly two years - adds/changes the following:

  • Update AirPort Signal tool to work on Snow Leopard.

IPNetTunerX is a $15 upgrade from the "Classic" version. See the overview page for more information.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


LFT and WhoB

Home Page Release Notes License:
Open source; $0

Current Version: 2.5 (August 24, 2005) / 3.1 (May 13, 2008)

From the LFT/WhoB home page:

"LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filter based firewalls. More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What makes LFT unique? Rather than launching UDP probes in an attempt to elicit ICMP "TTL exceeded" from hosts in the path, LFT accomplishes substantively the same effect using TCP SYN or FIN probes. Then, LFT listens for "TTL exceeded" messages, TCP RST (reset), and various other interesting heuristics from firewalls or other gateways in the path. LFT also distinguishes between TCP-based protocols (source and destination), which make its statistics slightly more realistic, and gives a savvy user the ability to trace protocol routes, not just layer-3 (IP) hops.

"WhoB is a no-frills whois client (see whois(1)) designed to provide everything a network engineer needs to know about a routed IP address by typing one line and reading one line. But even so, it's worth typing a few more lines because WhoB can do lots of other cool things for you! It can display the origin-ASN based on the global routing table at that time (according to Prefix WhoIs, RIPE NCC, or Cymru), the 'origin' ASN registered in the RADB (IRR), the netname and orgname, etc. By querying pWhoIs, WhoB can even show you all prefixes being announced by a specific Origin-ASN. WhoB performs the lookups quickly, the output is easily parsed by automated programs, and it's included as part of the Layer Four Traceroute (LFT) software package. LFT uses WhoB as a framework (and you can too, quite easily--see whois.h). Recent LFT releases (as of version 2.5) include WhoB functionality through a standalone "whob" client/command placed in the LFT binary directory."

Please note that these are command-line utilities for Mac OS X (in other words, they do not have a graphical user interface). This combo is one of only a few command-line utilities I include here on the Orchard, but those who need its functionality are likely to be comfortable with the OS X command line, making this (I hope) a non-issue.

Version 2.5 - the latest release available as an executable binary - added/changed the following:

  • Inclusive of betas 2.32 to 2.4x
  • Added -z option to pseudo-randomize source port
  • Added behavior to automatically select the most appropriate interface based on routing (this was on the most wanted list)
  • Improved OpenBSD compatibility (IP length nonzero)
  • OpenBSD is now detected by autoconf (for configuring the above)
  • Darwin is now detected by autoconf and its definition disables some BSD features to make it compatible with Mac OS X and Darwin
  • LFT now indicates it has reached the target by printing a 'T' character in the status display (if status is enabled)
  • Cleanups were made to the verbose output levels (-VVV)
  • Significantly revamped whois framework makes it easy to include whois functionality into other programs
  • Added -C and -R and -r options to force alternate ASN sources
  • Default ASN source (-A) is now Prefix WhoIs (see pwhois.org)
  • LFT now queries for ASNs in bulk format after completing a trace if pwhois (default), RIPE NCC RIS, or Cymru is selected
  • Added dst/src port autoselection based on user-supplied hostname
  • Vastly improved standalone whois client "whob" see whob.8 (whob manpage)
  • Makefile now installs 'whob' no-frills whois client (try ./whob)
  • "Smart" mode is now referred to as "Adaptive" mode (-E)

Version 3.1 - the latest release, but available only as source code - includes WhoB 2.0, and adds/changes the following:

  • New configure options: --enable-gtod Forces LFT to use gettimeofday() on each packet instead of using the BPF timestamp. This is critical on platforms that have enabled 'fastts' or that do not have high-precision BPF timestamping. --enable-universal generates binaries including both PPC and Intel architecture (for users running Mac OS X/Darwin).
  • Improved compatibility with NetBSD and Darwin/Mac OS X.
  • Added autoconf support for NetBSD.
  • Improved compatibility with older.
  • Updated autoconf bits and pieces.
  • By popular request, reversed the -g option of WhoB. WhoB now uses gigo mode by default unless -g is specified which turns ON its parser and enables the other various options.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Little Snitch

Home Page Release Notes License:
Shareware; $24.95

Current Version: 1.2.4 (January 29, 2007) / 2.2.4 (July 19, 2010)

Little Snitch is a "Trojan horse" detector for Mac OS X. Trojan horses are programs (or aspects of programs) that make network access behind your back to collect statistics about the use of your computer. Trojan horses can be detected by Little Snitch and prevented from transmitting such data. Some highlights:

  • Prevents applications from "phoning home".
  • Protects you from trojans, worms, and other network parasites.
  • Shows which applications send information over the internet.
  • Provides a higher level of security for the paranoid.

Version 2.2.4 - the latest version for Mac OS X 10.4 and later - adds/changes the following:

  • Improved support of restoring from a backup system like Time Machine.
  • Improved automatic IP address update of hostname based rules.
  • The Connection Alert panel adjusts its size to fit long application names.

Version 1.2.4 remains available for Mac OS X 10.2 and Mac OS X 10.3.

Little Snitch functions as a 3-hour, time-limited demo prior to purchase, and quantity discounts are available.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


MacSniffer

Home Page License:
See text.

Current Version: 1.0b1

From the MacSniffer home page: MacSniffer is a front end to the built-in 'tcpdump' packet sniffer on Mac OS X. MacSniffer allows you to view all of the traffic on a network connection, such as ethernet. MacSniffer includes a filter editing interface and a filter library to easily construct and reuse packet filters to view a subset of all the traffic on the connection, such as just that destined for a specific host or port. You can choose the level of detail you want captured, from just the minimal packet headers (showing source and destination hosts and ports) up to a full hex and ASCII dump of the packet contents. MacSniffer can be useful for diagnosing many network problems, debugging client/server programs, and scanning for particular network exploits in real time." When released in final form, MacSniffer will be shareware, $15.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


namebench

Home Page Release Notes Screen Shots License:
Open Source; $0

Current Version: 1.3.1 (June 7, 2010)

namebench is a free open source DNS benchmark utility from Google that searches for the fastest DNS servers available for your computer to use. It's a handy utility for people who find all too often that their Internt experience is marred by "looking up host" delays due to a less-than-responsive set of DNS nameservers.

The software runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized datasets in order to provide an individualized recommendation. namebench is completely free and does not modify your system in any way.

While no information is available regarding what's new in version 1.3.1 (presumably, it's a bugfix release), version 1.3 made the following enhancements:

  • Ability to upload & share your results online
  • Display DNS server versions and nodenames in the HTML output (mouseover)
  • Graphical interface updated
  • Fast/Slow toggle for health check speed
  • New datasets available (updated Alexa, cache miss, cache hit, cache mix)
  • Direct importation of pcap files generated by tcpdump and wireshark
  • OARC port diversity checks included
  • More consistent timeout settings
  • Updated server listing
  • Updated libraries (dnspython, jinja2)

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Nessus

Company Page Home Page Release Notes License:
Commercial; see text

Current Version: 4.2.2 (April 16, 2010)

The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner. Nessus is currently rated among the top products of its type throughout the security industry and is endorsed by professional information security organizations such as the SANS Institute. It is estimated that the Nessus scanner is used by 75,000 organizations world-wide.

Features include:

  • Up-to-date security vulnerability database - Nessus mostly focuses on the developement of security checks for recent security holes. Its security checks database is updated on a daily basis, and all the newest security checks are available here and can be retrieved with the command nessus-update-plugins. An RSS feed of all the newest security checks allows you to monitor which plugins are added and when.
  • Remote AND local security - Traditional network security scanners tend to focus on the services listening on the network - and only on these. Now that viruses and worms are propagating thanks to flaws in mail clients or web browsers, this conception of security is getting outdated. Nessus has the ability to detect not only the remote flaws of the hosts on your network, but their local flaws and missing patches as well - whether they are running Windows, Mac OS X or a Unix-like system.
  • Extremely scalable - Nessus has been built so that it can easily scale down to a single CPU computer with low memory to a quad-CPUs monster with gigabytes of RAM. The more power you give to Nessus, the quicker it will scan your network.
  • Plug-ins - Each security test is written as an external plugin, written in NASL (see below). This means that updating Nessus does not involve downloading untrusted binaries from the internet. Each NASL plugin can be read and modified, to better understand the results of a Nessus report.
  • NASL - The Nessus Security Scanner includes NASL (Nessus Attack Scripting Language), a language designed to write security test easily and quickly. NASL plugins run in a contained environment on top of a virtual machine, thus making Nessus an extremely secure scanner.

Nessus for Mac OS X is not just a port of the Unix server to the Mac environment; it also bundles a native interface to manage the server and the client. The Mac OS X Nessus Client sports the following features:

  • Session-based - A 'session' is a set of targets, policies and results. A session may contain multiple scan results
  • File-based - Each session is stored as a unique file on disk. This file can then be easily moved around to another host by email, ftp, etc.
  • Multiple scans in parallel - You can create multiple sessions in parallel (File | New) and each session can perform a scan
  • Real-time results - The results can be viewed and worked on in real time
  • Universal Binary - Nessus for Mac OS X natively runs on PPC and Intel CPUs

Nessus 4.2.2 makes the following changes:

  • Nessus-fetch: Proxy issues have been resolved
  • NASL: Fixed a memory leak in the NASL xmlparse() function
  • Networking: Fixed IPv6 routing when talking to a remote host (FreeBSD, Mac OS X)
  • Networking: Packet forgery was not always working on ES5 64 bits
  • Packaging: Fixed the Debian /etc/rc init script
  • Packaging: Upgraded OpenSSL to version 0.9.8n (Windows, Solaris)
  • Stability: Fixed a possible crash when using a badly written custom plugin
  • Stability: Fixed a possible crash when running out of BPFs on Windows

The detailed change log has more information.

The Nessus software itself is free, and 7-day delayed access to vulnerability checks is also available for free to all registered users. "Instant" access to these vulnerability checks - as well as full commercial support - is available under a $1,200 annual subscription agreement. See the Nessus registration page for further details.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Net-SNMP

Home Page Release Notes License:
Open source; $0

Current Version: Binary: 5.0.2 (July 19, 2002) / Source: 5.5 (September 29, 2009)

Note: As of October, 2003, Dartware suspended its efforts to produce a Mac OS X specific version of Net-SNMP. The changes Dartware made to versions 4.2.3 and later to make it work on Mac OS X were incorporated in the production build. The sources on the net-snmp project page now build without problem on Mac OS X. They are available from http://sourceforge.net/project/showfiles.php?group_id=12694.

Net-SNMP for Mac OS X is a Mac OS X version of the open source net-snmp software that makes statistics about a computer available via SNMP. A detailed description of the net-snmp project along with a FAQ and other documentation can be found at the SourceForge site, http://net-snmp.sourceforge.net/. The net-snmp software in this distribution includes an extensible agent, an SNMP library, snmpget, snmpset, snmpwalk and other tools to set or request information from SNMP agents, and tools to generate or handle SNMP traps. The following MIBS are supported in part or in their entirety:

  • MIB-II General network statistics (RFC 1213)
  • UCD agent extensions (processes, disks, memory, load average, shell commands, error handling)
  • Host Resources (RFC 1514) "initial implementation"
  • SNMPv3 MIBs (RFCs 2571-6)

Net-SNMP is released as open-source freeware. net-snmp 5.0 was a significant rewrite and provided many new features, such as allowing Perl scripts to create responses to SNMP queries. The Mac version hasn't seen an official "build" since 2002, but the latest source code is available, and includes instructions for compiling and using under Mac OS X.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


NetBarrier

Company Page Home Page Release Notes Screen Shots License:
Commercial; $69.95

Current Version: "X5" (10.5.6) (December 11, 2009)

Intego, Inc. produces the NetBarrier personal firewall software. Users of version 2.0 or later may update their software by using its built-in update function; users of earlier releases may purchase an upgrade. The "Classic" Mac OS version is no longer available for purchase, although updaters are still available for download (see below).

Features include:

  • Controls incoming TCP/IP traffic and data
  • Controls outgoing TCP/IP traffic and data
  • Offers preset or customized security rules
  • Protects against Trojan Horses
  • Protection against vandal programs
  • Blocks selected applications
  • Alerts you when applications connect to the Internet
  • Audits vandal alerts
  • Protects against intrusions
  • Offers a choice of defense policies
  • Detects wrong passwords
  • Protects against network attacks
  • Protects against ping of death
  • Protects against ping flooding
  • Protects against SYN flooding
  • Protects against port scans
  • Stops unknown packets
  • Controls system resources
  • Provides TCP sequence scrambling
  • Helps control cookies
  • Offers individual cookie control
  • Deletes cache and history files
  • Blocks ad banners
  • Hides the last web site visited
  • Hides browser and platform information
  • Safeguards personal information
  • Filters TCP/IP & AppleTalk stacks
  • Protects against data thieves, hostile java applets, hostile plug-ins

Version 10.5.6 introduces the following new features:

  • This update improves Mac OS X 10.6 Snow Leopard compatibility and addresses a number of other minor issues. This update is recommended for all NetBarrier X5 users.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Net Monitor

Home Page Release Notes Screen Shots License:
Shareware; $10

Current Version: 3.9.5 (December 24, 2005) / 4.5.2 (February 8, 2010)

Net Monitor is an inexpensive shareware application written for Mac OS X (10.1 or later) that graphs network interface throughput in a floating window, the Dock or the Menu Bar. Very simple! As of version 2, the software incorporated the functionality of the previously-separate PPP Monitor application by the same author.

Version 4.5.2 - available for Mac OS X 10.4 and later only - makes the following changes from the previous release (3.9.5 is still available for older Macs):

  • PPP - The system's user/password dialog box is no longer displayed when connection is initiated by the program, unless this option is selected in the preferences.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Net Tool Box

Home Page Release Notes License:
Sharware; £20

Current Version: 3.1 (July 18, 2005)

Net Tool Box is a full set of networking tools for network administrators, software developers and enthusiasts. It can perform all sorts of tasks, from simple DNS resolution to full-blown host interrogation. You can graphically map the location of an IP address, you can traceroute to almost any computer on the Internet, and you can use the terminals to perform protocol analysis and development. Version 3.1 features the following enhancements:

  • [NEW] Rewrote Ping, Ping Scan and Traceroute to work fully x-platform. Windows 98/ME Note: Requires WinSock 2.
  • [NEW] Added a contextual menu (right-click/ctrl-click) for IP addresses. You can now bring up a menu on practically any IP address shown throughout Net Tool Box providing information and options.
  • [NEW] Added preferences option to remember tool presets. This will retain things like timeouts and port ranges betweeen sessions. Also added 'Reset' button in preferences to revert these presets to their defaults.
  • [NEW] Added an 'out-of-date' warning to Mapper on first run. Caida's NetGeo database, which Mapper uses to retrieve network loactions, is no-longer maintained.
  • [CHG] Removed Authorize facility to save a lot of headaches. You can authorise manually still if you'd like. See the FAQ for more info.
  • [CHG] Updated About Box credits.
  • [CHG] Windows: The toolbar is now de-mac-ified. No more aqua stripes and aqua buttons.
  • [CHG] Changed the favorites popup menu to look better x-platform.
  • [CHG] Re-named Rendezvous to 'Bonjour' to comply with Apple's fantastically sensible name-change!
  • [CHG] Changed some toolbar icons. VPN interfaces now have an icon in the interfaces window.
  • [CHG] The "Show WAN Address in Toolbar" option now gets it's IP from the version-checker routine. This means "Show WAN Address" will only work if version checking is enabled. The preferences window has been modified to reflect this change.
  • [FIX] Using keyboard shortcuts for opening Favourites and Preferences windows on OS X no longer shows the application switcher.
  • [FIX] Windows: ARP Table and Netstat are now working.
  • [FIX] Fixed typos on Network Statistics window and Port Updater window.
  • [FIX] "Favorites" is now spelled correctly.
  • [FIX] Mac: ARP Table MAC addresses are now formatted correctly.
  • [FIX] Windows: Console-output in terminals and whois now respect the fixed-width font set in the preferences.
  • [FIX] Statistics Window: Now formats bytes correctly as MB, GB etc.
  • [FIX] Netstat now works on Mac OS X 10.4, Tiger. Unfortunately, Apple have removed the tool used to relate sockets to processes, so for 10.4 and above, the 'Process' column is not available. Hopefully I can find a workaround, to bring the functionality back in the future.

Net Tool Box is a shareware application, approx $35 (£20). It has a 5 minute session timeout, a 3 map-per-session limit and one minute timeouts on NetStat, TrafficWatcher and Packet Watcher sessions. Also, Traffic Watcher can only listen on port 80 (Web) in demo mode.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


NoobProof

Home Page License:
Open source; $0

Current Version: 1.4 (July 20, 2009)

NoobProof (from the authors of WaterRoof) is a free IPFW firewall front end for Mac OS X 10.4 and 10.5 that is designed to be simpler than WaterRoof (requiring only 5 steps to configure).

Version 1.4 adds/changes the following:

  • New more flexible Injector
  • Wizard configuration
  • Block outgoing connections to specific hosts or ips
  • Much more friendly default configuration

A WaterRoof / NoobProof comparison can help you make a decision about which of these free firewall configuration tools is right for you.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Norton Personal Firewall

Company Page Home Page License:
Commercial; $49.95

Current Version: 3.0.3

Symantec Corporation produces Norton Personal Firewall for Mac OS 9 and Mac OS X, a software-based firewall product that is based upon Open Door Networks' DoorStop Personal Firewall.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


ntop

Home Page Release Notes License:
Open source; $0

Current Version: 4.0 (July 22, 2010)

ntop is a free, open source network traffic probe that shows the network usage, similar to what the popular "top" command in UNIX. ntop is based on libpcap. ntop comes with two applications:

  • the 'classical' ntop that sports an embedded web server
  • intop (interactive ntop) is basically a network shell based on the ntop engine.

ntop users can use a a web browser to navigate through ntop (which acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of a web interface; limited configuration and administration via the web interface; and reduced CPU and memory usage make ntop easy to use and suitable for monitoring various kind of networks.

Version 4.0 - the latest source code release of the software - adds/changes the following:

  • Partially rewritten ntop processing engine to address reliability and performance
  • Several bugs and stability issues fixed
  • Added better support for IPFIX and NetFlow v9, as well as ntop PEN (Private Enterprise Number)
  • Added support for Cisco ASA firewalls
  • Added ntop engine scriptability via the python programming language
  • Added RRDalarm plugin for generating alerts based on thresholds
  • Improved google maps integration
  • Enhanced sFlow support

User Reviews

Currently, no user reviews have been submitted. Send me yours!


OTTool

Home Page License:
Freeware

Current Version: 1.2.1

OTTool is a free utility from Neon Software which provides a synopsis of the AppleTalk and IP configuration parameters within Apple Computer's Open Transport networking architecture. In addition, OTTool allows users on IP networks to make Domain Name Server (DNS) queries, ping devices using ICMP Pings, trace IP routes (UNIX traceroute), scan through ranges of IP addresses asking for resolutions, and to query a DNS for Mail Exchange and System Info. Version 1.2.1 fixed a compatibility issue with OS X 10.1 and added more user interface improvements for OS X 10.1.

User Reviews

"This an excellent little tool that does exactly what it says in a neat, simple, intuitive interface. Ideal for Administrators tracing network problems or simply the curious user. Highly recommended."
—Bruce Horrocks

Submit another review!


PacketStream

Home Page Release Notes Screen Shots License:
Shareware; $24.95

Current Version: 3.3 (May 26, 2010)

From the PacketStream home page: "PacketStream provides point-and-click activation of the Mac's built-in network monitoring program, which is usually available only from the command line. By clicking a few buttons, you can monitor data as it streams over your network--especially useful for checking web traffic, network bottlenecks, or even suspicious network activity. All network data is displayed in the application itself, and you can save the data to a file for further analysis later."

Version 3.3 adds/changes the following:

  • Now supports AppleScript and Services.
  • Status icon changes during network scan.
  • Now supports Keychain integration for password.
  • Improved status messages in the main window.
  • Can now show contents of packet data in main window.

The download is a 30-day demo; you can purchase a license to use the program past the 30-day trial period. Mac OS X 10.4 is the minimum supported platform.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Paros

Home Page Release Notes License:
Open source; $0

Current Version: 3.2.13 (August 8, 2006)

Paros is an essential tool for all web application developers and web site security auditors. It is a Java-based HTTP/HTTPS proxy for assessing web application vulnerability, supporting editing/viewing HTTP messages on-the-fly. Features include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections, and more.

Version 3.2.13 adds/changes the following:

  • New: skipping designated URL in spider. Use options to set the spider.
  • New: auto update menu and periodic check for update (Windows and Linux platform only).
  • Fix: the use of new external library caused slower performance of proxy. Restored to older library.

See the installation instructions for more information.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


sunShield

Home Page Release Notes Screen Shots License:
Shareware; $29.95

Current Version: 2.0.3 'L' Pro (November 12, 2007)

sunShield is a preference pane that manages the built-in firewall in Mac OS X (which makes it similar to Flying Butttress / BrickHouse, except that Flying Butttress is a standalone application).

Core features include:

  • PPC and Intel ready
  • Supports IPFW2, shipped with Tiger.
  • Use advanced actions, and advanced protocol options.
  • Easily turn firewall ON / OFF
  • Create all kind of basic or dynamic rules.
  • Lets you also create rule manually, from sunShield's interface.
  • Review dynamic rules, time left and parent rule.
  • Enforce rules based on user sending packet.
  • Enable or disable logging, system wise.
  • Live logs, in sunShield, lets you use ToolRules (sniffing, debugging...)
  • Export rule base to an rc.firewall script, handy to deploy IPFW configuration on BSD compatible systems.
  • Re-order rules with simple drag and drop.
  • Edit rules with a double click on them, right click them to edit as new rule
  • Automatically save and restore rules across reboots.

Apart from being released natively for Intel- and PowerPC-based Macs, version 2.0 Pro adds/changes the following:

  • Edit (and replace) or Edit as a new rule.
  • Import and export a whole ruleset from one file, in one click.
  • Enhanced template support.
  • New interface, bringing better feel when using the pane.
  • New key protocol in order to support demo version. (2.0.2)
  • Two glitches fixed in French interface. (2.0.2)
  • Added: Refresh button on Logging window. (2.0.3)
  • Fixed: Edit as new rule broken. (2.0.3)
  • Fixed: Debug output logged on dynamic rules, even when debug output disabled. (2.0.3)
  • Fixed: A bug introduced with Leopard's build 9a581. The bug is not in Leopard, but in the way sunShield Pro tries to read some system data. (2.0.3 'L')

User Reviews

Currently, no user reviews have been submitted. Send me yours!


throttled

Home Page Release Notes License:
Open source; $0

Current Version: 0.5.1 (February 5, 2009)

throttled is a free, open-source bandwidth shaping application for Mac OS X, FreeBSD, and Linux that allows you to put a cap on your upstream bandwidth and keep your download speeds high even when your server is sending out at full speed. Features include:

  • Allows you to set either a global throttle for all your applications, or multiple throttles with different speeds to guarantee all your servers a certain bandwidth.
  • Allows you to setup priority queues for your network data to guarantee low-latency ssh, telnet, etc connections on your server.
  • Prioritizes TCP ACK packets to allow consistant bandwidth in both directions even under heavy server load.
  • Flag for allowing you to throttle local network addresses 192.168.x.x and 10.x.x.x. (By default, only Internet-bound traffic is throttled)
  • It uses almost no resources. CPU usage is around 0 - 2% and it uses less than 500k of RAM.
  • Source code is freely available, and released under the GPL. Please read the COPYING file in the distribution.

Version 0.5.1 adds/changes the following:

  • This new release provides skipto rules for Bonjour and 10.x.x.x networks which should fix LAN capping issues reported by some users.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Throttled Pro

Home Page Release Notes Screen Shots License:
Shareware; $20

Current Version: 1.5.1 (February 5, 2009)

ThrottledPro is an enhanced, graphical version of the free command-line-driven throttled software. Like its free sibling, it provides bandwidth shaping for Mac OS X that allows you to put a cap on your upstream bandwidth and keep your download speeds high even when your server is sending out at full speed. Features include:

  • Throttled Pro will provide capping services to all machines connected to you through Apple's built in Internet Connection Sharing.
  • Throttled Pro works with Apple's built in firewall. In order to configure the firewall you will need to stop Throttled Pro. After the firewall is configured, turn on Throttled Pro and everything will work just fine.
  • Throttled Pro supports BitTorrent and FTP using the configuration panel. If you use the ports configuration and have "Enable Catch All Rule" checked, then this will work as well.
  • You can setup as many services as you want in Throttled Pro.

Version 1.5.1 adds/changes the following:

  • Updated to use throttled-0.5.1 which fixes LAN capping issues experienced by some users. We now make sure 192.168.x.x, 10.x.x.x, and Bonjour networks are not throttled.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


VisualRoute

Company Page Home Page Release Notes Screen Shots License:
Commercial; see text

Current Version: 14.0d (June 30, 2010)

Visualware Inc. produces VisualRoute, a remarkably nice Java-based ping, whois, and traceroute program that automatically analyzes connectivity problems, displaying the results graphically on a world map. When configured as a server, VisualRoute provides visual traceroute services to web browser clients.

Version 14 ("2010") introduced the following new features:

  • New agent creation procedure (both web & client) - The remote agent creation procedure that allows you to run a traceroute from anywhere in the world to your VisualRoute server has been vastly improved to make it easier to setup and manage.
  • Improved update efficiency - the way the GUI updates and processes during a traceroute has been greatly improved to enhance usability and understanding.
  • Analysis Information - this feature is essentially a history search allowing you to grab any results from either a traceroute or ping plot for a particular IP/host name.
  • Traceroute Ping Plot - a new feature that plots the response times for every hop in a particular traceroute. More information.
  • New user interface.

Version 14.0d makes the following additional changes:

  • eMail address tracing re-added

Pricing ranges from $49.95 for the "Personal" Edition to $395 for the "SupportPro" Edition. The online purchase page has more details. All Mac users can try the free online version. Highly recommended.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


WaterRoof

Home Page License:
Open source; $0

Current Version: 2.2 (September 8, 2009) / 3.0 (January 28, 2010)

WaterRoof (from the authors of NoobProof) is a free IPFW firewall front end for Mac OS X with a easy interface and many options. Features include dynamic rules, bandwidth management, NAT configuration and port redirection, pre-defined rule sets and a wizard for easy configuration. You can also watch logs and graphic statistics. Rules configurations and network options can be saved and optionally activated at boot time.

A WaterRoof / NoobProof comparison can help you make a decision about which of these free firewall configuration tools is right for you.

Version 3.0 adds/changes the following:

  • New interface
  • Two ways to add a new rule: advanced mode and simplified mode with rules translator
  • Ipfw/nat deployment with Injectors
  • Import NoobProof Injector's ipfw configuration
  • New quick reference guide
  • Compatibility with Mac OS X Server 10.5

User Reviews

Currently, no user reviews have been submitted. Send me yours!


WEP Key Maker

Home Page License:
Freeware

Current Version: 1.1

If you're looking into creating a wireless network for your Macintosh, here's a dirty little secret that will save you a great deal of money: Apple's AirPort base station isn't the only wireless access point (WAP) device that AirPort-card-equipped Macintoshes work with. There are many fine 802.11b WAPs available for half the cost of the AirPort base station, and your Mac will work just fine with them, right out of their boxes. You'll find, however, that these devices - by default - come with Wired Equivalent Privacy (WEP) disabled, meaning that data sent between your computer and WAP will be sent in the clear over the airwaves, offering little to no protection from intruders who know how to decipher these signals.

If you want to enable your wireless access point's 40 or 128 bit encryption, you'll probably find an area in its configuration screens that asks you to enter in a series of hexadecimal numbers called a "key." These WEP keys are used by the algorithm that your hardware employs to encrypt your wireless data. They are typically generated by a piece of software. WEP Key Maker is such a piece of software. Download it, enter in some text that tickles your fancy (called a "pass phrase"), and it will generate a 40 bit or 128 bit key you can enter into your WAP's configuration screen.

Once you do this and reboot your WAP, however, you'll note that the next time you try to access your wireless network from your Macintosh, you'll be prompted by the AirPort software to enter a password. Type a dollar sign ($) into the AirPort password field, and then type in (or paste, if you can) the key that WEP Key Maker generated for you, making sure to store this lengthy string of characters in your OS 9 or OS X "keychain" by clicking the corresponding checkbox. Click "OK," and you'll have rejoined your wireless network with encryption fully-enabled.

Apple's AirPort base station makes it unnecessary for end users to deal directly with WEP keys by using a proprietary algorithm to convert passwords to WEP keys on the fly. Fortunately, the "$" prefix trick allows you to use WEP keys instead of these special passwords directly with any AirPort card-equipped Mac, enabling you to hook into just about any standard third-party 802.11b wireless base. While you'll probably only need WEP Key Maker to generate a key for WAP routers that you own or control, remember the "$" trick if you happen to be visiting a company or building that requires encrypted access to its wireless network. Remember, however, that public networks that you are likely to find in hotels or public wireless WANs in large cities typically use no encryption whatsoever, and your AirPort card will detect these and allow you to use them without a password or WEP key of any kind.

WEP Key Maker is the only Macintosh-based WEP key generator that I am aware of, and it's an essential piece of any wireless Mac-head's arsenal of tools. It's not only wonderfully easy to use - it's absolutely free.

Version 1.1 adds/changes the following:

  • Improved hex key quality.
  • Hex key field is now "read only."
  • Pass phrase is now "required."
  • Key length is now restricted to a multiple of 4, less than or equal to 928, consistent with the constraints of the algorithm used.
  • Added a "Window" menu and othewise improved Aqua appearance.
  • Removed window's minimize button to avoid bugs in PowerPlant's event handling under OS X.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


WhatRoute

Home Page Release Notes License:
Freeware

Current Version: 1.8.11 (November 23, 2002) / 1.8.18 (February 6, 2008)

WhatRoute is an OpenTransport-based network analysis application that performs traceroute, ping, dnsquery, finger, whois, address scanning, and more. This program is simple, but it is also truly nice (nice enough so that Apple has made it a standard part of OS 9.1 and later). Version 1.7 - the latest release to significantly alter the feature set - added a tree view plotted of the routes followed that allows comparisons between traces, and routes plotted - where possible - on a world map, a traceroute graph, and a ping distribution window. Version 1.8.11 - for "Classic" Mac OS - is a cleanup of version 1.8.0. The rawrequest application is history and a helper app is included in the WhatRoute bundle.

Version 1.8.18 - the latest Mac OS X release - adds/changes the following:

  • Recompiled and tested on Leopard.

Upon the release of 1.8.15, the author noted: "I am not sure if there is any real need for WhatRoute now that we a vast range of UNIX tools at our disposal. However, I still receive requests for updates and modifications to the software, so I have resurrected the source and fixed many problems that have been brought to my attention in the last 4 years. I don't expect that I will move the entire application to Universal Binary. To do so requires a major re-write and this would not seem to be justified, given that the initial reason I wrote the software was to solve networking problems on a platform that had no tools at all. Times have changed."

User Reviews

"Wow! WhatRoute is really a handy utility. The added Ping and Query options are fun to play with. And the elusive crash-on-close (it happened to me once) is history with 1.3.1. A perfect 10!"
—Benjamin T. Foster

Submit another review!


Whistle Blower

Home Page Release Notes License:
Shareware; $49-90

Current Version: 3.0 (April 1, 2002) / 3.1 (May 6, 2003)

Whistle Blower (formerly Server Sitter) is a network monitoring utility. It's very easy to use and has a simple but elegant interface. It can perform regular checks of your servers and alert you if any of them fail to respond, and it can send email to you or your pager. It can also react to the failure by performing an action. Server Sitter can launch AppleScripts or other files to respond and can also control up to 4 powerkey modules connected to the machine to force restart a hung server. Version 3.1 - for OS 9 and OS X only - addresses the following:

  • Email Cycle Task Send an email and receive the email to check every part of an SMTP/POP system.
  • SMTP Authentication Email alerts and reports can be sent through SMTP servers requiring authentication.
  • HTTP Action Make an http connection in response to an outage.
  • Improved OS X Performance and OS X Only Features:
    • Shell Script Task validate the return from a shell script.
    • Shell Script Action run a terminal command in response to an outage.
    • Log to Syslog Send log entries to the system log.
    • No longer runs as root Easier install no longer requires administrator password.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Who's There? Firewall Advisor

Company Page Home Page Release Notes Screen Shots License:
Commercial; $39

Current Version: 2.3 (October 26, 2009)

Open Door Networks produces the Who's There? Firewall Advisor that works in conjunction with Flying Butttress (BrickHouse), DoorStop and Symantec's Norton Personal Firewall for Macintosh. Who's There? 2.0 is a major upgrade, available standalone or as part of the DoorStop X Security Suite.

Who's There? 2.3 adds/changes the following:

  • Snow Leopard support. Version 2.3 of the products provides full Snow Leopard support, including details and advice regarding Snow Leopard-specific issues. Also bug fixes.
  • iPhone support. Version 2.3 of the products includes information and advice specific to the iPhone and its integration with the Macintosh. The book, newly renamed to include "iPhone" in the title, now has a whole chapter devoted to the iPhone and iPod touch, plus iPhone details throughout.
  • Twitter stream. Security issues change so quickly these days, sometimes a blog isn't even fast enough. So, with 2.3 we've added a Twitter stream too, and integrated it with the products through a new "News" menu. Look for real-time links to evolving Mac and iPhone Internet security issues here.
  • Other enhancements. 2.3 products include a number of other enhancements, such as non-admin user support for the DoorStop X firewall, a much improved geo-location service for the Who's There? Firewall Advisor and information and advice on many new security issues.

User Reviews

Currently, no user reviews have been submitted. Send me yours!


Also See . . .

Can't find what you're looking for? Try a search:

Also, if you have an older Mac, be sure to check out the "Classic" applications page for more options.

Finally, take a look at ALEMIA if you think you know that name of an application, but aren't quite sure.

Related Links

For an interesting and objective third-party view of Apple's networking technology - from MacTCP through Open Transport and beywond - Peter Sichel's Sustainable Softworks page is unparalleled.

Also Consider . . .

These are applications that are newer and of potential interest, but which I haven't yet selected for permanent inclusion. Have a look, and let me know if you think they deserve to be part of the permanent collection!