SANCP (Security Analyst Network Connection Profiler) is a network security tool designed to collect statistical information regarding network traffic, as well as, collect the traffic itself in pcap format, all for the purpose of: auditing, historical analysis, and network activity discovery. Rules can be used to distinguish normal from abnormal traffic and support tagging connections with: rule id, node id and status id. From an intrusion detection standpoint, every connection is an event that must be validated through some means. Sancp uses rules to identify, record, and tag traffic of interest.
Author: John Curry <john [dot] curry [at] metre [dot] net>
Maintainer: The T2 Project <t2 [at] t2-project [dot] org>
Download: http://sancp.sourceforge.net/ sancp-1.6.1.tar.gz
Download: http://sancp.sourceforge.net/ sancp-1.6.1.fix200511.a.patch
Download: http://sancp.sourceforge.net/ sancp-1.6.1.fix200511.b.patch
Download: https://trac.prelude-ids.org/attachment/ticket/91/ sancp-1.6.1-prelude-3.diff?format=raw
Build time (on reference hardware): 5% (relative to binutils)2
Installed size (on reference hardware): 0.16 MB, 13 files
Dependencies (build time detected): 00-dirtree bash binutils bzip2 coreutils diffutils findutils gcc glibc gnutls grep libgcrypt libgpg-error libpcap libprelude libtasn1 libtool linux-header make mktemp patch sed sysfiles tar zlib
Installed files (on reference hardware):
1) This page was automatically generated from the T2 package source. Corrections, such as dead links, URL changes or typos need to be performed directly on that source.
2) Compatible with Linux From Scratch's "Standard Build Unit" (SBU).