Iplog - yet another host-based logger

Ippl - a daemon which logs IP packets sent to a computer. It runs in the background, and displays information about the incoming packets. Criteria can be used to specify what packets should be logged and what packets should be ignored.

Jail - Just Another IP Logger

Protolog - another logging tool that gives you more info about the packets headed your way

PortSentry - a program designed to detect and respond to port scans against a target host in real-time. It runs on TCP and UDP sockets and works on most UNIX systems. Advanced stealth detection modes are available under Linux only and detect SYN, FIN, NULL, XMAS, and Oddball packet scans. All modes support real-time blocking and reporting of violations.

Tcplogd - probably my favorite listener at the moment for detecting nmap, stealth, and queso scans

Tcpdstats - breaks up the log file into an easily readable table by destination host, protocol, source host and number of connections from that source. This is very handy when you need to look at log files from many different machines. Simply redirect all your logfiles to a centralized location via syslog and run tcpdstats against them.


These tools are descendants of Wietse Venema's TCP Wrapper program, which allowed system administrators to log and provide access control for incoming connection requests handled through inetd. These daemons differ in the type of packets they detect (SYN, FIN, NULL, XMAS, etc.), the logging mechanism (binary, ASCII, syslog), and the amount of information they provide about the incoming packet(s). Sentry is the only tool in this list that provides automated response capabilities, so that would-be attackers may find their IP address added to a hosts.deny file, or blocked via ipfwadm/ipchains or the routing table.