I have a toolkit (actually two, as I keep Windows and Linux tools separate) that has dozens and dozens of tools in it. Many I've tried out for a day or two, some I use on a semi-regular basis, and some I've never even found the time to install yet. But every network security analyst has, or should have, their core essentials.
If they run a distro on a thumb drive for emergency use, these would undoubtedly be on it. They are probably installed on every test box and personal box they have access to.
Mine as as follows (in no particular ranking or order...)
- nmap - You have to have a port scanner, and year in and year out, Fyodor keeps making nmap better to the point that I've never changed. I've tried a bunch of others, but nmap continues to be the most stable and dependable scanner I've ever tried. (Unicornscan WAS fun, I'll admit... smokin'!)
- hping - You also need a packet crafting tool.. in this area, I think there are several really good ones, including scapy and Nemesis, but I like hping the best for it's simplicity and functionality.
- netcat - netcat does just about anything you need it to do as far as sending and receiving packets. It's called the "swiss army knife" of network tools for good reason. Need encryption? Get crypcat instead of or in addition to.
- ngrep - Ngrep is a libpcap tool that searches for strings in packets. If you're doing traffic analysis, it's almost indispensable.
- dsniff - This suite of tools by Dug Song includes dsniff that searches traffic for logon credentials, as well as tools to sniff for web pages, files, mail and chat. There are also tools to do man in the middle attacks on SSH and HTTPS, as well as a nifty sniping tool to shoot down traffic.