SANCP (Security Analyst Network Connection Profiler) is a network security tool designed to collect statistical information about network traffic, as well as the traffic itself in pcap format, for the purposes of auditing, historical analysis, and network activity discovery. Rules can be used to distinguish normal from abnormal traffic and support tagging connections with a rule id, node id and status id. From an intrusion detection standpoint, every connection is an event that must be validated through some means. SANCP uses rules to identify, record, and tag traffic of interest.
URL: https://www.metre.net/sancp.html
Author: John Curry <john [dot] curry [at] metre [dot] net>
Maintainer: The T2 Project <t2 [at] t2-project [dot] org>
License: OpenSource
Status: Beta
Version: 1.6.1b
Download: http://sancp.sourceforge.net/ sancp-1.6.1.tar.gz
Download: http://sancp.sourceforge.net/ sancp-1.6.1.fix200511.a.patch
Download: http://sancp.sourceforge.net/ sancp-1.6.1.fix200511.b.patch
Download: https://trac.prelude-ids.org/attachment/ticket/91/ sancp-1.6.1-prelude-3.diff?format=raw
T2 source: sancp.cache
T2 source: sancp.conf
T2 source: sancp.desc
Build time (on reference hardware): 5% (relative to binutils) 2)
Installed size (on reference hardware): 0.16 MB, 13 files
Dependencies (build time detected): 00-dirtree binutils coreutils diffutils findutils gnutls grep libgcrypt libgpg-error libpcap libprelude libtasn1 libtool linux-header make patch sed sysfiles tar zlib
1) This page was automatically generated from the T2 package source. Corrections, such as dead links, URL changes or typos need to be performed directly on that source.
2) Compatible with Linux From Scratch's "Standard Build Unit" (SBU).