IDABench is a framework of Perl scripts that lets the analyst query packet captures with a number of open source analysis tools. It complements an IDS/IPS: rather than generating alerts itself, it gives the analyst quick queries into the captured packets to investigate alerts, incidents or research questions.
It was written by George Bakos and his team when he was with the Institute for Security Technology Studies at Dartmouth. It’s based on the original Shadow project, which stands for Secondary Heuristics Analysis for Defensive Online Warfare.
Shadow was originally conceived by Stephen Northcutt of the SANS Institute when he was working for the Naval Surface Warfare Center and written by Bill Ralph. Shadow is no longer available from the Navy, but Guy Bruneau of whitehats.ca maintains it in .iso format along with Snort and other open source tools.
In essence, like Shadow before it, IDABench is a packet audit system: traffic is captured in full and kept, and the analyst queries the stored packets after the fact. Although IDABench is no longer being developed, the latest stable version (1.0) is still available from ISTS.
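The packet-audit query workflow described above, as an added example that is not IDABench's own code (IDABench is a set of Perl scripts driving external tools; this is a self-contained Python stand-in). It parses a classic libpcap file in memory, decodes Ethernet/IPv4 with TCP or UDP ports, and filters by host, port, protocol and time window the way an analyst pivots from an IDS alert. The sample capture, the addresses (RFC 5737 documentation ranges) and the "alert at t=1000 on 192.0.2.10" scenario are all constructed for the example; the `query` and `read_pcap` function names are this example's own, not IDABench's.

```python
import struct
from dataclasses import dataclass
from typing import Iterator, List, Optional

PCAP_MAGIC = 0xA1B2C3D4        # classic libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


@dataclass
class Packet:
    ts: float              # epoch seconds from the pcap record header
    src: str
    dst: str
    proto: int             # IPv4 protocol number (6 = TCP, 17 = UDP)
    sport: Optional[int]
    dport: Optional[int]
    length: int            # original (wire) length, not the captured length


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _decode(ts: float, frame: bytes, orig_len: int) -> Optional[Packet]:
    """Decode Ethernet/IPv4 and pull ports from TCP or UDP; skip anything else."""
    if len(frame) < 34:
        return None
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:                       # IPv4 only in this example
        return None
    ihl = (frame[14] & 0x0F) * 4                  # IP header length honours options
    proto = frame[23]
    src, dst = _ip(frame[26:30]), _ip(frame[30:34])
    l4 = frame[14 + ihl:]
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:         # TCP and UDP both begin with src/dst port
        sport, dport = struct.unpack("!HH", l4[:4])
    return Packet(ts, src, dst, proto, sport, dport, orig_len)


def read_pcap(data: bytes) -> Iterator[Packet]:
    """Walk a libpcap file held in memory, honouring the byte order its magic declares."""
    magic, = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:                     # same magic, written big-endian
        endian = ">"
    else:
        raise ValueError("not a libpcap capture")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < incl_len:                 # truncated final record: stop, do not guess
            break
        pkt = _decode(ts_sec + ts_usec / 1e6, frame, orig_len)
        if pkt is not None:
            yield pkt


def query(packets, host=None, port=None, proto=None, start=None, end=None) -> List[Packet]:
    """Filter decoded packets by host, port, protocol and inclusive time window."""
    out = []
    for p in packets:
        if host is not None and host not in (p.src, p.dst):
            continue
        if port is not None and port not in (p.sport, p.dport):
            continue
        if proto is not None and p.proto != proto:
            continue
        if start is not None and p.ts < start:
            continue
        if end is not None and p.ts > end:
            continue
        out.append(p)
    return out


# --- constructed sample capture: hypothetical traffic using RFC 5737 addresses ---
def _build_record(ts_sec, ts_usec, src, dst, proto, sport, dport, endian="<") -> bytes:
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    if proto == 6:   # minimal TCP SYN header, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    else:            # minimal UDP header, empty payload
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    frame = eth + ip + l4
    return struct.pack(endian + "IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame


def build_sample_pcap(endian="<") -> bytes:
    header = struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = [
        _build_record(1000, 0,      "192.0.2.10",   "198.51.100.7", 6,  51234, 80,    endian),
        _build_record(1000, 500000, "198.51.100.7", "192.0.2.10",   6,  80,    51234, endian),
        _build_record(1001, 0,      "192.0.2.10",   "203.0.113.9",  17, 53000, 53,    endian),
        _build_record(1100, 0,      "203.0.113.9",  "198.51.100.7", 6,  40000, 22,    endian),
    ]
    return header + b"".join(records)


if __name__ == "__main__":
    pkts = list(read_pcap(build_sample_pcap()))
    # Hypothetical alert naming 192.0.2.10 at t=1000: show everything it did within 5 seconds.
    for p in query(pkts, host="192.0.2.10", start=995, end=1005):
        print(f"{p.ts:.6f} {p.src}:{p.sport} -> {p.dst}:{p.dport} proto={p.proto} len={p.length}")
```

The two things worth carrying over to a real packet-audit setup are the byte-order check on the magic (captures copied between hosts are not always native-endian) and stopping on a truncated final record instead of decoding garbage, which is exactly the state a capture file is in while the collector is still writing it.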