Package: wnpp
Severity: wishlist
Owner: Lars Bahner <[EMAIL PROTECTED]>

* Package name    : sancp
  Version         : 1.6.1
  Upstream Author : John Curry [ john dot curry at metre dot net ]
* URL             : http://www.metre.net/sancp.html
* License         : QPL
  Description     : network security tool designed to collect statistical information from network traffic

I am querying upstream for a new license.

This is a network security tool designed to collect statistical information regarding network traffic, as well as collect the traffic itself in pcap format, all for the purpose of auditing, historical analysis, and network activity discovery.

Rules can be used to distinguish normal from abnormal traffic and support tagging connections with rule id, node id, and status id.

From an intrusion detection standpoint, every connection is an event that must be validated through some means. Sancp uses rules to identify, record, and tag traffic of interest. 'Tagging' a connection is a new feature since v1.4.0. Connections ('stats') can be loaded into a database for further analysis.

Sancp rules control three types of logging for a connection: pcap, stats, and realtime.

 * 'pcap' refers to packet data collected on the connection in tcpdump format.
 * 'stats' refers to a single-line summary of an entire connection once it is 'closed'.
 * 'realtime' is a snapshot of 'stats' based on the initial packet, for immediate reporting.

Both 'stats' and 'realtime' contain a number of fields used for recording packet statistics, TCP flags, p0f data, and other vitals about how we handle the connection.