NetMate is a flexible and extensible network measurement tool (meter). It can be used for accounting, delay/loss measurement, packet capturing, and much more. The main advantage over other existing tools is that it can be easily extended due to its modular (class-based) structure and dynamic loadable packet processing and information export modules. It also has fast and flexible packet classifier that can be easily extended with new packet filter attributes. A GUI for controlling multiple meters and displaying measurement results is currently under development. NMRSh is the Netmate Remote Shell, which allows you to remote control netmate meters.
The Network Traffic based Application Identification (netAI) tool identifies which end host applications are responsible for observed network traffic flows. Unlike previous solutions that identify applications based on port numbers or packet payload information, netAI computes various payload-independent features and uses machine learning to classify the traffic. Before netAI can be used to classify a particular application it must be trained on a representative set of traffic flows.
CCHEF (Covert Channels Evaluation Framework) is a software framework for empirically evaluating covert channels in network protocols running under Linux. CCHEF can be used in real networks with real overt traffic, but can also emulate covert channels using overt traffic from trace files. CCHEF was mainly designed for research purposes, but not to be (mis)used for real covert channel communication. Therefore, the sender/receiver application is a normal user space programs and not disguised in any way.
DIFFUSE enables FreeBSD's IPFW firewall subsystem to classify IP traffic based on statistical traffic properties. With DIFFUSE, IPFW computes statistics (such as packet lengths or inter-packet time intervals) for observed flows, and uses ML (machine learning) techniques to assign flows into classes. In addition to traditional packet inspection rules, IPFW rules may now also be expressed in terms of traffic statistics or classes identified by ML classification. This can be helpful when direct packet inspection is problematic (perhaps for administrative reasons, or because port numbers do not reliably identify classes of applications). DIFFUSE also enables one instance of IPFW to send flow information and classes to other IPFW instances, which then can act on such traffic (e.g. to prioritize, accept, or deny) according to its class. This allows for distributed architectures, where classification at one location in your network is used to control firewalling or rate-shaping actions at other locations.