Develop firewall test tools if your firewall product does not come with these capabilities. Types of firewall test tools include:
- network traffic generators (such as SPAK (Send PAcKets), ipsend, or Ballista)
- network monitors (such as tcpdump and Network Monitor)
- port scanners (such as strobe and nmap)
- vulnerability detection tools (a range of commercial tools is available from various vendors)
- intrusion detection systems such as NFR (Network Flight Recorder) and Shadow
Refer to Detecting Signs of Intrusion, specifically identifying data that characterises systems and aids in detecting signs of suspicious behaviour, and the supporting implementation "Identify tools that aid in detecting signs of intrusion."
You can also use free network-based tools.