snowy
August 11th, 2002, 08:37 PM
GreedyDog is an Ethernet packet sniffer for Linux, FreeBSD, OpenBSD, NetBSD, Solaris2, SunOS4, AIX, HP-UX, IRIX, MacOSX, and Windows2000/Xp. GreedyDog keeps the stream of each TCP session and writes it to a logfile. So, to make a session stream, it is not necessary to reconstruct the packets which are fragmented, and the logfile can be analysed very easily. This feature is useful for logging comparatively large sessions such as telnet. An administrator can watch the telnet session of a remote user as one stream unit until the connection closes; if a cracker makes a telnet session to another network by way of the administrated network, gdd can log all activities of the cracker as one stream that includes the other network. Furthermore, gdd has an IDS function based on "grep&action". gdd monitors the session stream; if a suspicious action is detected, gdd executes the specified action.
http://www.shadowpenguin.org/sc_toolbox/unix/gdd/index.html
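An added illustration of the two ideas in the post above (per-session stream logging and a "grep&action" check over that stream); this is example code, not GreedyDog's own implementation. The segment tuples, rules and action labels are constructed for the example, and the reassembly handles out-of-order, retransmitted and missing segments.

```python
import re
from collections import defaultdict

# Constructed sample segments: (src, sport, dst, dport, seq, payload).
# Hypothetical format, not GreedyDog's; arrival order is deliberately
# out of sequence and one segment is a retransmit.
SEGMENTS = [
    ("10.0.0.5", 40001, "10.0.0.9", 23, 1000, b"login: al"),
    ("10.0.0.5", 40001, "10.0.0.9", 23, 1014, b"rm -rf /tmp/x\r\n"),
    ("10.0.0.5", 40002, "10.0.0.9", 23, 500, b"cat /etc/"),
    ("10.0.0.5", 40001, "10.0.0.9", 23, 1009, b"ice\r\n"),
    ("10.0.0.5", 40001, "10.0.0.9", 23, 1009, b"ice\r\n"),  # retransmit
    ("10.0.0.5", 40002, "10.0.0.9", 23, 509, b"passwd\r\n"),
]

# Hypothetical grep&action rules: regex over the stream -> action label.
RULES = [
    (re.compile(rb"cat\s+/etc/passwd"), "alert: password file read"),
    (re.compile(rb"rm\s+-rf"), "alert: recursive delete"),
]

def reassemble(segments):
    """Group segments by 4-tuple and join payloads in sequence order, so each
    session is one readable stream regardless of capture order."""
    sessions = defaultdict(list)
    for src, sport, dst, dport, seq, data in segments:
        sessions[(src, sport, dst, dport)].append((seq, data))
    streams = {}
    for key, segs in sessions.items():
        segs.sort()
        buf, expected = bytearray(), segs[0][0]
        for seq, data in segs:
            end = seq + len(data)
            if end <= expected:          # full retransmit: nothing new
                continue
            if seq < expected:           # partial overlap: keep new bytes only
                data = data[expected - seq:]
            elif seq > expected:         # missing segment: mark, don't hide it
                buf += b"[GAP]"
            buf += data
            expected = end
        streams[key] = bytes(buf)
    return streams

def check(streams, rules=RULES):
    """Run grep-style rules over every session stream; return (session, action)."""
    hits = []
    for key, stream in streams.items():
        hits += [(key, action) for pat, action in rules if pat.search(stream)]
    return sorted(hits)
```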