AiEngine - Packet Inspection Engine


AIEngine is a packet inspection engine with the capability of learning without any human intervention. AIEngine helps network and security professionals identify traffic and develop signatures for use in NIDS, firewalls, traffic classifiers and similar tools, or apply them automatically within the engine itself.

The main functionalities of AIEngine are:

  • Support for PCRE JIT for regex matching.
  • Support for three types of network stacks (LAN, mobile and IPv6).
  • Support for sets and Bloom filters for IP lookups.
  • Support for the Linux and FreeBSD operating systems.
  • Support for HTTP, DNS and SSL domain matching.
  • Support for banned domains and hosts for HTTP, DNS and SSL.
  • Frequency analysis of unknown traffic and automatic regex generation.
  • Easy integration with databases (MySQL, Redis, etc.).

https://bitbucket.org/camp0/aiengine

Related Projects

netsniff-ng - The packet sniffing beast


netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.

SoftEther VPN - Cross-platform Multi-protocol VPN Program


SoftEther VPN is a cross-platform, multi-protocol VPN program. It supports an SSL-VPN protocol to penetrate any kind of firewall. The ultra-optimized SSL-VPN protocol of SoftEther VPN has very fast throughput, low latency and firewall resistance. Virtualization of Ethernet devices is the key to the SoftEther VPN architecture. It virtualizes Ethernet devices in order to realize a flexible virtual private network for both remote-access VPN and site-to-site VPN.

Ipfcontrol


IPFC is a distributed management solution for security modules (firewall, NIDS). A security module can be a packet filter (ipfw, netfilter, ipf ...), a NIDS, any other server (syslog ...) or an embedded device.

TCPDump - Network Packet Analyzer


TCPDump is a powerful command-line packet analyzer, and libpcap is a portable C/C++ library for network traffic capture. TCPDump prints out a description of the contents of packets on a network interface that match a boolean filter expression. The packet capture library provides a high-level interface to packet capture systems. All packets on the network, even those destined for other hosts, are accessible through this mechanism.

Snort - Network Intrusion Prevention and Detection System


Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

packetpy - A network packet inspection and creation library


A network packet inspection and creation library

sniff - network packet sniffer


network packet sniffer

Project-Riddle - Modular Network Packet Sniffer


Modular Network Packet Sniffer

GuptChar - A basic Network Packet Sniffer written in Java


A basic Network Packet Sniffer written in Java

dlpi-sniff - Sniffer (network packet monitor) tool for Solaris utilizing DLPI


Sniffer (network packet monitor) tool for Solaris utilizing DLPI

groinc - Groinc the packet sniffer (C-Raw Network)


Groinc the packet sniffer (C-Raw Network)

Sguil - The Analyst Console for Network Security Monitoring


Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.

Bro - Network Security Monitor


Bro is a powerful network analysis framework that is much different from the typical intrusion detection system you may know. Bro provides a comprehensive platform for more general network traffic analysis as well.

Packet-Sniffer - packet sniffer for Windows only unfortunately, written in C


packet sniffer for Windows only unfortunately, written in C

Packet Peeper


Packet Peeper is a network protocol analyzer (or 'packet sniffer') for Mac OS X. Its features include TCP stream reassembly, privilege separation, simultaneous capture sessions, filters, Python plugins and support for pcap capture files.

Moloch - Large scale, full packet capturing, indexing, and database system


Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting.

Endian Firewall Community


Endian Firewall Community (EFW) is a "turn-key" linux security distribution that makes your system a full featured security appliance with Unified Threat Management (UTM) functionalities. The software has been designed for the best usability: very easy to install, use and manage and still greatly flexible. The feature suite includes stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam-filtering f

netbeacon - monitoring your network capture, NIDS or network analysis process


netbeacon - monitoring your network capture, NIDS or network analysis process

sniffer - Packet sniffer using libpcap


Packet sniffer using libpcap