Snort
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate "alert" file, or even to a Windows computer
via Samba.
This package provides the plain-vanilla version of Snort and does not
provide database (available in snort-pgsql and snort-mysql) support.
Canonical does not provide updates for snort. Some updates may be provided by the Ubuntu community.