COMMENT= "security analyst network connection profiler"

This is a network security tool designed to collect statistical information about network traffic, as well as the traffic itself in pcap format, for the purposes of auditing, historical analysis, and network activity discovery. Rules can be used to distinguish normal from abnormal traffic and support tagging connections with a rule id, node id, and status id. From an intrusion detection standpoint, every connection is an event that must be validated through some means. Sancp uses rules to identify, record, and tag traffic of interest.
http://secure.lv/~nikns/stuff/ports/sancp-1.6.1.tar

Feedback and corrections appreciated.