Sancp is a network security tool designed to collect
statistical information about network traffic, as well as
the traffic itself in pcap format, for the purposes of
auditing, historical analysis, and network activity
discovery. Rules can be used to distinguish normal from
abnormal traffic and support tagging connections with a
rule id, node id, and status id. From an intrusion
detection standpoint, every connection is an event that must
be validated through some means. Sancp uses rules to identify,
record, and tag traffic of interest. 'Tagging' a connection
is a new feature since v1.4.0. Connections ('stats') can be
loaded into a database for further analysis.

WWW: http://www.metre.net/sancp.html