Name : sancp
Version : 1.6.1
Vendor : Mandriva
Release : 1mdv2007.1
Date : 2006-10-23 18:53:08
Group : Networking/Other
Source RPM : sancp-1.6.1-1mdv2007.1.src.rpm
Size : 0.18 MB
Packager : Iurt the rebuild bot <warly_mandriva_com>
Summary : Security Analyst Network Connection Profiler
Description :
This is a network security tool designed to collect statistical information regarding network traffic, as well as to collect the traffic itself in pcap format, all for the purpose of auditing, historical analysis, and network activity discovery. Rules can be used to distinguish normal from abnormal traffic and support tagging connections with rule id, node id, and status id. From an intrusion detection standpoint, every connection is an event that must be validated through some means. Sancp uses rules to identify, record, and tag traffic of interest. 'Tagging' a connection is a new feature since v1.4.0. Connections ('stats') can be loaded into a database for further analysis.
Sancp rules control three types of logging for a connection: pcap, stats, and realtime. 'pcap' refers to packet data collected on the connection in tcpdump format. 'stats' refers to a single-line summary of an entire connection once it is 'closed'. 'realtime' is a snapshot of 'stats' based on the initial packet, for immediate reporting. Both 'stats' and 'realtime' contain a number of fields used for recording packet statistics, TCP flags, p0f data, and other vitals about how we handle the connection.

RPM found in directory: /vol/rzm6/linux-mandriva/official/2007.1/i586/media/contrib/release