This guide for network and system administrators, security managers, and software developers describes the author's approach to network security. Network security monitoring (NSM) combines auditing, vulnerability assessment, intrusion detection and prevention, and incident response to overcome the limitations of devices such as firewalls and intrusion detection systems. Security consultant Bejtlich explains how to use a variety of open-source tools to mine network traffic for data and describes best practices for evaluating monitoring vendors and deploying an NSM architecture. Tools for generating arbitrary packets, manipulating traffic, and conducting reconnaissance are also evaluated.