NetState is a distributed Intrusion Detection System that develops profiles of network traffic and attempts to identify abnormal behavior patterns, as well as to provide status information about the network. Two major features provided by NetState are:
Multiple NetState Sniffers can be deployed, one at each entry point of the target network. The sniffers monitor network traffic, gather information about network sessions and software versions, and send the information about the sessions to the NetState Server, where it is stored in a centralized database. The information can then be accessed via standard SQL database queries or via a web-based GUI, for further analysis and display. NetState currently runs on Linux and FreeBSD platforms, and is compatible with the PostgresSQL and MySQL database servers.
