Maltrail is a malicious traffic detection system used for network intrusion detection. It consists of a network intrusion sensor for monitoring interfaces, a threat intelligence aggregator for syncing blacklists, and a detection engine that identifies security threats through signature matching and heuristic attack patterns. The system distinguishes itself through a distributed sensor architecture that collects traffic data from multiple remote probes and forwards events to a central analysis server. It employs heuristic behavioral analysis to identify unknown threats, such as port scanning o
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Wireshark is a network protocol analyzer and traffic inspector used for capturing and inspecting network traffic. It functions as a packet capture tool that intercepts live data from network interfaces and a TCP/IP dissector that decodes network protocol layers to translate raw binary packets into human-readable fields. The system provides capabilities for protocol stream reconstruction, grouping related packets into cohesive conversations between endpoints. It also operates as a packet file converter, allowing for the reading, modification, and conversion of network capture files across vari