Intrusion Detection Toolkit: Network Tools

Some of the primary tools of security and network administrators alike are network analysis tools. These include network sniffers, intrusion detection software, and network analyzers.

A network sniffer is software that passively listens to traffic received and sent by a network interface. The workhorse sniffer of choice is TCPDump. TCPDump is simple enough that beginners can learn it quickly yet powerful enough to provide the necessary functionality for multiple protocols in multiple situations. With TCPDump, it's possible to view traffic in numerous formats, including ASCII, and to use expressions to select exactly which traffic the tool displays.
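The ASCII view and the filter expressions described above, shown on a saved capture so the result is repeatable (an added example, not taken from the book). The capture file is constructed inline, the addresses come from the 192.0.2.0/24 documentation range, and the function names `pkt`, `write_sample_pcap` and `show_ascii` are hypothetical.

```shell
#!/bin/sh
# Constructed sample capture: two Ethernet/IPv4/TCP packets from
# 192.0.2.10:40000 to 192.0.2.20, one to port 80 and one to port 22.

pkt() {  # $1 = TCP destination port as two octal escapes, $2 = 18-byte payload
  printf '\000\000\000\000\000\000\000\000\110\000\000\000\110\000\000\000'  # record header: ts 0, caplen = len = 72
  printf '\002\000\000\000\000\002\002\000\000\000\000\001\010\000'          # Ethernet header, type IPv4
  printf '\105\000\000\072\000\001\100\000\100\006\000\000'                  # IPv4: total length 58, DF, TTL 64, TCP
  printf '\300\000\002\012\300\000\002\024'                                  # 192.0.2.10 -> 192.0.2.20
  printf '\234\100'; printf "$1"                                             # source port 40000, destination port
  printf '\000\000\000\001\000\000\000\001\120\030\040\000\000\000\000\000'  # seq 1, ack 1, PSH|ACK, window 8192
  printf "$2"                                                                # application payload
}

write_sample_pcap() {  # $1 = output file (classic little-endian pcap)
  {
    printf '\324\303\262\241\002\000\004\000'   # magic 0xa1b2c3d4, version 2.4
    printf '\000\000\000\000\000\000\000\000'   # thiszone, sigfigs
    printf '\377\377\000\000\001\000\000\000'   # snaplen 65535, link type 1 (Ethernet)
    pkt '\000\120' 'GET / HTTP/1.0\r\n\r\n'
    pkt '\000\026' 'SSH-2.0-example_\r\n'
  } > "$1"
}

# -nn: no name or port lookups, -A: print each packet in ASCII,
# -r: read a saved capture; the last argument is the filter expression.
show_ascii() {  # $1 = capture file, $2 = filter expression
  tcpdump -nn -A -r "$1" "$2" 2>/dev/null
}

if command -v tcpdump >/dev/null 2>&1; then
  sample=$(mktemp) && write_sample_pcap "$sample"
  show_ascii "$sample" 'tcp dst port 80'   # only the HTTP request is displayed
  rm -f "$sample"
fi
```

On a live interface, the same options and expression apply with `-i <interface>` in place of `-r <file>`.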

TCPDump is manual and primitive intrusion detection ...
