Quick and dirty Snort log analyzers (sed, awk, uniq, sort, etc. may be just as good at massaging):
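As an added example (not from the original post), the following script is the Python equivalent of the sort | uniq -c | sort -rn approach for Snort's one-line "alert_fast" output: it parses each alert into its fields and counts alerts by signature, source, destination, protocol and priority. The alert lines are constructed samples, and the regular expression assumes the classic alert_fast layout (ICMP alerts carry no ports, so the port groups are optional):

```python
"""Quick-and-dirty Snort alert analyzer (added example, not from the original post).

It assumes Snort's one-line 'alert_fast' output; the alert lines below are
constructed samples, not a real capture.
"""
import re
from collections import Counter

# Constructed sample alerts in alert_fast format (one alert per line).
# The ICMP alert carries no ports, and the last line is junk that must be skipped.
SAMPLE_ALERTS = """\
01/13-10:02:11.123456  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.5:1434
01/13-10:02:12.223456  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 192.0.2.10:1434 -> 198.51.100.6:1434
01/13-10:05:40.000001  [**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:3921 -> 198.51.100.5:80
01/13-10:07:02.500000  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.7 -> 198.51.100.5
this line is not an alert and is skipped by the parser
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"  # classification is optional in alert_fast
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"   # ports are absent for ICMP
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alerts(text):
    """Return one dict per alert line; lines that do not match the format are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m is None:
            continue
        rec = m.groupdict()
        rec["prio"] = int(rec["prio"])
        alerts.append(rec)
    return alerts


def summarize(alerts):
    """The 'sort | uniq -c | sort -rn' step: counts keyed several different ways."""
    summary = {k: Counter() for k in ("by_sig", "by_src", "by_dst", "by_proto", "by_prio")}
    for a in alerts:
        summary["by_sig"][a["msg"]] += 1
        summary["by_src"][a["src"]] += 1
        summary["by_dst"][a["dst"]] += 1
        summary["by_proto"][a["proto"]] += 1
        summary["by_prio"][a["prio"]] += 1
    return summary


def report(text, top_n=5):
    """Render a short text report listing the top entries in each category."""
    summary = summarize(parse_alerts(text))
    lines = []
    for key, counter in summary.items():
        lines.append("== %s ==" % key)
        for value, count in counter.most_common(top_n):
            lines.append("%6d  %s" % (count, value))
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Usage: python snort_quick.py /var/log/snort/alert   (falls back to the samples)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ALERTS
    print(report(text))
```

Point it at a real alert file and the "by_src" and "by_dst" tables are the usual first cut at separating a scanning host from a handful of noisy destinations; alerts in a format other than alert_fast (full, syslog, unified) will simply be skipped rather than miscounted.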
In reading the recently released Computer Security Incident Handling Guide from NIST I was informed that incidents against critical infrastructure can be reported to the National Infrastructure Protection Center which is part of the Department of Homeland Security. They have a handy form for submitting incident details at http://www.nipc.gov/incident/cirr.htm. Why is that page not HTTPS by default?
Historically I have used Xfig to draw network diagrams. It is quite an old vector drawing program but gets the job done well. Most recently I used it to draw the network diagram in my SANS GCFW paper. I’m currently working on my SANS GCIA and want to draw a diagram that contains network device icons (I had used mainly rectangle shapes to symbolize machines in my GCFW paper) for a slightly more polished look. In searching for *nix programs for network topology maps I ran into the article Creating Network Diagrams, which compares four programs: Dia, Tgif, Tkined, and Xfig. The author rated the default Xfig library fairly well, and upon further investigation of the other programs, Xfig contained the most mature icon sets for everything I was looking for.
There was a recent thread on the pen-test list about replaying 802.11 (rfmon) pcaps with tcpreplay. The problem encountered is that tcpreplay wants an 802.3 ethernet header (1.5beta6 lets you “fake it” using the -2 flag to create an ethernet header, but the pcap then has to start at the IP header). A poster to the list cobbled together wifi2eth.c as a solution.
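As an added example (not the wifi2eth.c posted to the list, and not tcpreplay's own code), here is the same rewrite done in pure Python with no libpcap dependency: it reads a classic pcap captured as DLT_IEEE802_11 (105) or DLT_IEEE802_11_RADIO (127, radiotap), strips the radiotap and 802.11 headers from each unencrypted data frame, picks DA and SA out of the address fields according to the ToDS/FromDS bits, and writes an Ethernet II frame with the EtherType taken from the LLC/SNAP header into a DLT_EN10MB pcap that tcpreplay accepts without -2. Management frames, Null frames and protected (encrypted) frames are dropped, since they have no payload worth replaying. The sample capture, the STA/AP/GW MAC addresses and the IPv4 payload are constructed inline; it also assumes frames were captured without a trailing FCS.

```python
"""Rewrite 802.11 data frames as Ethernet II frames so tcpreplay can send them.

Added example, not the wifi2eth.c from the pen-test list. Assumes a classic pcap
(DLT 105 or 127) of unencrypted LLC/SNAP data frames captured without an FCS.
"""
import struct
import sys

DLT_EN10MB, DLT_IEEE802_11, DLT_IEEE802_11_RADIO = 1, 105, 127
FLAG_TO_DS, FLAG_FROM_DS, FLAG_PROTECTED = 0x01, 0x02, 0x40
LLC_SNAP = b"\xaa\xaa\x03"  # DSAP, SSAP, control; OUI(3) and EtherType(2) follow


def read_pcap(data):
    """Parse a classic (microsecond) pcap; returns (linktype, [(sec, usec, bytes), ...])."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    packets, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        packets.append((sec, usec, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets


def write_pcap(linktype, packets):
    """Serialise packets as a little-endian classic pcap with the given link type."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)]
    for sec, usec, pkt in packets:
        out.append(struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt)
    return b"".join(out)


def wifi_to_eth(frame, linktype):
    """Return an Ethernet II frame, or None if this 802.11 frame has no usable payload."""
    if linktype == DLT_IEEE802_11_RADIO:            # radiotap: its length sits at bytes 2-3 (LE)
        if len(frame) < 4:
            return None
        frame = frame[struct.unpack("<H", frame[2:4])[0]:]
    elif linktype != DLT_IEEE802_11:
        raise ValueError("expected an 802.11 capture, got DLT %d" % linktype)
    if len(frame) < 24:
        return None
    fc = struct.unpack("<H", frame[:2])[0]
    ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    if ftype != 2 or subtype & 0x4:                 # not data, or a Null/CF frame with no body
        return None
    if flags & FLAG_PROTECTED:                      # encrypted body: nothing meaningful to replay
        return None
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    hdr_len = 24
    ds = flags & (FLAG_TO_DS | FLAG_FROM_DS)
    if ds == 0:                                     # ad-hoc: addr1=DA, addr2=SA
        da, sa = a1, a2
    elif ds == FLAG_FROM_DS:                        # AP -> station: addr1=DA, addr3=SA
        da, sa = a1, a3
    elif ds == FLAG_TO_DS:                          # station -> AP: addr3=DA, addr2=SA
        da, sa = a3, a2
    else:                                           # WDS: four addresses, addr3=DA, addr4=SA
        if len(frame) < 30:
            return None
        da, sa, hdr_len = a3, frame[24:30], 30
    if subtype & 0x8:                               # QoS data: two extra QoS Control bytes
        hdr_len += 2
    body = frame[hdr_len:]
    if len(body) < 8 or body[:3] != LLC_SNAP:
        return None
    return da + sa + body[6:8] + body[8:]           # DA, SA, EtherType from SNAP, then payload


def convert_pcap(data):
    """Convert every usable frame of an 802.11 pcap into a DLT_EN10MB pcap."""
    linktype, packets = read_pcap(data)
    eth = [(s, u, wifi_to_eth(f, linktype)) for s, u, f in packets]
    return write_pcap(DLT_EN10MB, [p for p in eth if p[2] is not None])


# Constructed capture: a beacon, an encrypted data frame and two clear data frames.
STA, AP, GW = (bytes.fromhex("02aabbccdd0%d" % i) for i in (1, 2, 3))   # made-up MACs
PAYLOAD = bytes.fromhex("4500001c0001000040110000c0000201c6336405")    # constructed IPv4 header
SNAP_IP = LLC_SNAP + b"\x00\x00\x00" + b"\x08\x00"                       # SNAP carrying EtherType 0x0800


def _frame(fc, a1, a2, a3, body, qos=False):
    """Build an 802.11 frame: FC, duration, three addresses, sequence control, [QoS], body."""
    return fc + b"\x00\x00" + a1 + a2 + a3 + b"\x10\x00" + (b"\x00\x00" if qos else b"") + body


SAMPLE_PCAP = write_pcap(DLT_IEEE802_11, [
    (1, 0, _frame(b"\x80\x00", b"\xff" * 6, AP, AP, b"\x00" * 12)),         # beacon (management)
    (1, 10, _frame(b"\x08\x42", STA, AP, GW, b"\x01\x02\x03\x04" * 4)),     # protected data, FromDS
    (1, 20, _frame(b"\x08\x02", STA, AP, GW, SNAP_IP + PAYLOAD)),            # clear data, GW -> STA via AP
    (1, 30, _frame(b"\x88\x01", AP, STA, GW, SNAP_IP + PAYLOAD, qos=True)),  # clear QoS data, STA -> GW
])

if __name__ == "__main__":
    # Usage: python wifi2eth.py in.pcap out.pcap   (without arguments, converts the sample)
    src = open(sys.argv[1], "rb").read() if len(sys.argv) > 2 else SAMPLE_PCAP
    dst = sys.argv[2] if len(sys.argv) > 2 else "eth.pcap"
    open(dst, "wb").write(convert_pcap(src))
```

Two things to check on a real capture before trusting the output: if the driver delivered frames with the FCS, the last four bytes of each payload are the 802.11 CRC and need trimming, and a radiotap capture from a card that reports bad-FCS frames will happily hand corrupt frames through, so filter on the radiotap flags first or let the IP checksums sort it out on the receiving side.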