IDABench is a Web interface to many intrusion analysis tools. Using simple plug-ins, it allows an analyst to twist and turn hourly packet logs through such utilities as tcpdump, ngrep, tethereal, etc. Output consists of textual web pages, gnuplot graphs, and downloadable composite binary dumpfiles. Based on the US Navy's SHADOW intrusion detection system, IDABench simplifies the writing of tcpdump filters, allows regular-expression context matching, and, through a simple plug-in API, can be extended to include other libpcap-based analysis tools, such as Snort, p0f, etc.
| Tags | Security |
|---|---|
| Licenses | Public Domain |
| Operating Systems | Unix |
| Implementation | Perl |