views:

292

answers:

2

i am planning to implement a NIDS (netw intrusion detection system) in d java programming language on a very small basis...

well after searching i found 2 libraries for it..

1) Jpcap

2) jNetPcap

which one should i use..and y..?

which is more preferrable to use...?

+2  A: 

It appears development has stopped on Jpcap. Their last release was 2007. In contrast, jNetPcap has had very recent releases. The underlying libpcap C library that they both wrap has continued to evolve, so I would go with jNetPcap for that reason.

On the other hand, libpcap is a fairly simple API. If you are comfortable with C, then you may gain performance advantages by using the library directly instead of going through a Java wrapper. Something to consider, anyway.

Rob H
+2  A: 

One simple idea I've had for network intrusion was to listen for messages on the braodcast IP address. New comers to the network may likely need an IP address from the DHCP server. If this is so, then they will have to send out a broadcast that a DHCP server will respond to . You could write a program that sits on client A and displays popups whenever it hears something on the broadcast address.

darren
but how wil that make it a intrusion system..?i didnt get u darren..can u please elaborate on what u said..
veenit33