Home → IPCAD

IP accounting daemon Stable release
22 April, 2007 SourceForge.Net Project: http://sourceforge.net/projects/ipcad
Source tarball: ipcad-3.7.3.tar.gz
172k

IPCAD stands for IP Cisco Accounting Daemon. It runs in background, listens traffic on the specified interfaces, and records the traffic for later retrieval and analysis. IPCAD can use raw BPF devices, PCAP library, divert, tee or Linux iptables' ULOG & IPQ packet sources to capture the packets.

IPCAD is featured in The Tao of Network Security Monitoring book by Richard Bejtlich (look it up at Amazon.com)

Richard's TaoSecurity Blog :: Notes on IPCAD

Статья о настройке IPCAD в журнале "Системный администратор".

IPCAD can export collected information using rsh or NetFlow.

  • Uses BPF, libpcap divert, tee or Linux ULOG & IPQ for traffic snooping
  • RSH, NetFlow and console output in Cisco-like fashion
  • RSH access lists
  • Address aggregation support for RSH and NetFlow.
  • UDP/TCP/SCTP ports handling
  • Dynamic interfaces (PPP, VPN) support

    Requires:

  • At least Berkeley packet filter or libpcap library.

    Runs on FreeBSD, OpenBSD, Linux, MacOS X/Darwin, Solaris.

  • Docs:Manual pages, README and well-commented sample configuration file.


    SourceForge.net Logo Lev Walkin
    lionet.info