Ntop provides easily digestible graphs and tables showing current and past network traffic, including protocol, source, destination, and history of specific transactions as well as the hosts on either end. Ntop leverages the aforementioned RRDTool to provide an impressive array of network utilization graphs, including trends, and incorporates a plug-in framework for an array of add-ons, such as NetFlow and sFlow monitors.

Ntop even has an RPC framework that can be used to provide native data arrays to a wide variety of languages. If you wanted to consistently reference a specific set of packet capture data from Perl or PHP, for example, it's as simple as referencing a native array exported from Ntop at the time of the procedure call. I've found this infinitely useful in a wide variety of applications.

One of the main uses of Ntop is on-the-spot traffic checkups. When one of my Cacti-driven PHP Weathermaps suddenly shows a collection of network links running in the red, it tells me that those links exceed 85 percent utilization, but it doesn't tell me why. By switching to an Ntop process watching that network segment, I can quickly pull a minute-by-minute report of the top talkers and immediately know which hosts are responsible and what traffic they're pushing.

That kind of visibility is invaluable, and it's very easy to come by. Essentially, you can run Ntop on any interface that's been configured at the switch level to monitor another port or VLAN. That's really it.

Pancho (www.pancho.org)
Pancho is a simple Perl script that reaches out to Cisco routers and switches and pulls down a current copy of the running configuration. When run at set intervals, it allows admins to keep instant backups of router and switch configurations, which can be terribly valuable when things go pear-shaped and nobody thought to write down some specific configuration information for an edge router.

Pancho hasn't been under active development since 2005, but that hasn't been a problem so far. In fact, barring fundamental changes in Cisco IOS, Pancho's latest and last release may be completely functional for years to come.

There's not really much more to say about Pancho. It takes all of five minutes to configure and use, and as long as you properly secure the downloaded configurations, there's very little risk involved. In a nutshell, you risk more by not using Pancho.

Snort/Base (www.snort.org)
The Snort IDS has been available as an open source tool for 10 years now. In fact, it was so successful that it developed into a viable commercial tool with support from Sourcefire, but the open source version is still actively developed and available.