ourmon

Ourmon is a network monitoring and anomaly detection system
ourmon Ranking & Summary

  • License: BSD
  • Publisher Name: jimbinkley
  • Operating Systems: Linux
  • File Size: 524KB

ourmon Description

ourmon is security software developed by jimbinkley. After our trial and test, the software proved to be official, secure and free. Here is the official description for ourmon:

Ourmon is a network monitoring and anomaly detection system that displays the data for multiple BPF expressions via RRDTOOL-based graphs. It also helps the user identify various kinds of network anomalies using various flow analysis tools and logging features:

  • user-defined BPFs for mapping BPF expressions to RRDTOOL graphs
  • supplied BPF expressions for some graphs
  • 256 bytes of each packet are captured, so some L7 info is available
  • L7 info currently includes some hardwired and efficient tags for things like BitTorrent, Gnutella, or UDP SPIM
  • IRC tuples are cross-correlated with TCP anomaly data, which can lead to the identification of botnets
  • IRC channels are listed and sorted by both "strangeness" and message counts
  • conventional flow stats are included (TCP/UDP/all/ICMP/top pkts)
  • top port information is included
  • top scanner information is included
  • important anomaly detection features include TCP and UDP port reports and the worm count graph
  • Ethernet-based; can also be trunk (VLAN aggregate) based, and understands how to ignore 802.1Q tags
  • PCRE tags are used for traffic characterization with all flows
  • IP and DNS blacklists are supported, meaning that traffic to/from IP addresses or DNS names known to be evil can be monitored more closely
  • an experimental threaded facility is available on BSD and Linux only, so the front-end can be threaded for packet processing speedup; this only makes sense if you have multiple hardware "cores". We have tested it with FBSD 6.X (and Ubuntu Linux) on a dual dual-core AMD CPU with an Intel gigabit Ethernet card. There is considerable performance improvement when packet loads are mixed (small and large packets), especially on FBSD.
  • event log messages, especially for security events, are improved in the latest release
  • the new version of the UDP port report has useful attributes for detection of p2p-based hosts

