3.0/10 (3 votes)




  • Downloads: 167
  • Requirements: Linux
  • Size: 524KB
  • License: BSD Free
  • Version:
  • Added on: 0000-00-00 00:00:00
  • Last updated: 14/05/2010
  • Website:






Description

"Ourmon is a network monitoring and anomaly detection system"

Edit by Brothersoft: Ourmon is a network monitoring and anomaly detection system that displays the data for multiple BPF expressions via RRDTOOL-based graphs. It also helps the user identify various kinds of network anomalies using various flow analysis tools and logging.

Features:

  • User-defined BPFs for mapping BPF expressions to RRDTOOL graphs.
  • Supplied BPF expressions for some graphs.
  • 256 bytes of each packet are captured, therefore some L7 info is available.
  • L7 info currently includes some hardwired and efficient tags for things like BitTorrent, Gnutella, or UDP SPIM.
  • IRC tuples are cross-correlated with TCP anomaly data, which can lead to the identification of botnets.
  • IRC channels are listed and sorted by both "strangeness" and message counts.
  • Conventional flow stats are included (TCP/UDP/all/ICMP/top pkts).
  • Top port information is included.
  • Top scanner information is included.
  • Important anomaly detection features include TCP and UDP port reports and the Worm count graph.
  • Ethernet-based and can be trunk (VLAN aggregate) based; understands how to ignore 802.1Q tags.
  • PCRE tags are used for traffic characterization with all flows.
  • IP and DNS blacklists are supported. This means that traffic to/from IP addresses or DNS names known to be evil can be monitored more closely.
  • An experimental threaded facility is available on BSD and Linux only. This means the front-end can be threaded for packet processing speedup. This only makes sense if you have multiple hardware "cores". We have tested it with FBSD 6.X (and Ubuntu Linux) on a dual dual-core AMD CPU with an Intel gigabit Ethernet card. There is considerable performance improvement when packet loads are mixed (small and large packets), especially on FBSD.
  • Event log messages, especially for security events, are improved in the latest release.
  • The new version of the UDP port report has useful attributes for detection of p2p-based hosts.




