$Id: README,v 1.15 2008/10/17 17:25:30 jayrfink Exp $

README File for NetWard

ABOUT
-----
NetWard is a small packet-watching program that has several mechanisms to
watch, manipulate and react to TCP/IP data at the packet level. NetWard itself
can perform the following:

o Packet Sniff -- Sniff TCP/IP packets, similar to tcpdump (but with less
  printed detail).

o Report Basic Errors -- NetWard can detect small, simple errors. Many wire
  errors would actually show up as alarms.

o Detect Basic Common Alarms -- Out of the box NetWard will detect DoS
  (mostly SYN) style packets and can alarm at a warning or critical level on
  virtually any traffic type, any port, any IP.

o Provide Flexible Rulesets -- Out of the box a small anti-DoS ruleset is
  configured; however, a user can write their own rule sets in a file readable
  by NetWard, which uses an ipf/pf-like syntax (see rules.txt).

o Uses libpcap filtering -- Using libpcap and netfilter, a user can filter
  which packets to monitor using the libpcap filter rules.

o Event Handler by IP Script -- NetWard supports calling a single command
  or script upon a warning or critical alarm; NetWard passes the IP address
  automatically.
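As an added illustration (not NetWard's own code; its real detection logic and
handler convention live in the source and rules.txt), the Python below shows the
two pieces described above working together: a per-source sliding-window counter
of bare SYNs that raises a warning and then a critical alarm once each per
source, and a handler hook that validates the offending address before passing
it as the last argument of an external command. The packet records, the
thresholds, the handler path and the "IP as last argument" convention are all
assumptions made for this example; the comment near the top gives the
equivalent libpcap filter expression for the packets the counter looks at.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
import ipaddress
import shlex
import subprocess

# Standard TCP flag bits from the TCP header.
SYN = 0x02
ACK = 0x10

# The libpcap filter that selects the same packets this counter looks at
# (SYN set, ACK clear) is:
#   tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn


@dataclass(frozen=True)
class Pkt:
    """Constructed packet record holding only the fields the alarm needs."""
    ts: float    # capture time in seconds
    src: str     # source IP
    dst: str     # destination IP
    dport: int   # destination port
    flags: int   # TCP flag bits


RANK = {None: 0, "warning": 1, "critical": 2}


class SynAlarm:
    """Sliding-window count of bare SYNs per source IP.

    observe() returns "warning" or "critical" the first time a source crosses
    that threshold inside the window and None otherwise, so each level is
    reported once per source rather than on every packet.  Thresholds are
    illustrative assumptions, not NetWard's defaults."""

    def __init__(self, window=1.0, warning=20, critical=100):
        self.window = window
        self.warning = warning
        self.critical = critical
        self.syns = defaultdict(deque)  # src -> timestamps of recent bare SYNs
        self.level = {}                 # src -> highest level raised so far

    def observe(self, pkt):
        if not (pkt.flags & SYN) or (pkt.flags & ACK):
            return None  # SYN/ACK replies and data segments are not attempts
        q = self.syns[pkt.src]
        q.append(pkt.ts)
        while q and pkt.ts - q[0] > self.window:
            q.popleft()  # discard SYNs that have left the window
        n = len(q)
        if n >= self.critical:
            new = "critical"
        elif n >= self.warning:
            new = "warning"
        else:
            new = None
        if RANK[new] > RANK[self.level.get(pkt.src)]:
            self.level[pkt.src] = new
            return new
        return None


def handler_argv(command, ip):
    """Build the handler argv: the configured command followed by the IP as
    its last argument (assumed convention).  The address is parsed first so a
    malformed value never reaches the command."""
    addr = ipaddress.ip_address(ip)  # raises ValueError for anything else
    return shlex.split(command) + [str(addr)]


def run_handler(command, ip):
    """Run the handler without a shell, so the IP is a plain argument."""
    return subprocess.run(handler_argv(command, ip), check=False).returncode


def run_demo():
    """Feed constructed traffic through the alarm; return the alarms raised."""
    alarm = SynAlarm(window=1.0, warning=20, critical=100)
    pkts = []
    # A legitimate client: three connections over three seconds, each SYN
    # answered by a SYN/ACK from the server.
    for i in range(3):
        pkts.append(Pkt(float(i), "198.51.100.5", "192.0.2.1", 80, SYN))
        pkts.append(Pkt(float(i) + 0.01, "192.0.2.1", "198.51.100.5",
                        50000 + i, SYN | ACK))
    # A flood: 120 bare SYNs from one source inside half a second.
    for i in range(120):
        pkts.append(Pkt(0.5 + i * 0.004, "192.0.2.77", "192.0.2.1", 80, SYN))
    pkts.sort(key=lambda p: p.ts)
    raised = []
    for p in pkts:
        level = alarm.observe(p)
        if level:
            raised.append((p.src, level))
    return raised


if __name__ == "__main__":
    for src, level in run_demo():
        # Hypothetical handler path; NetWard would call the configured one.
        print(level, src, handler_argv("/usr/local/sbin/netward-react", src))
```

The once-per-level reporting is the point to notice: a flood produces thousands
of packets per second, and a handler that is forked for every one of them
becomes its own denial of service. Validating the address with the `ipaddress`
module and passing it as a separate argv element (no shell) keeps whatever the
sniffer saw on the wire from being interpreted as anything but an address.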

There are plans for new features over the next year or so; see the TODO file
for plans small and large.

INSTALLATION
------------
Before building you might want to make changes to the installation paths
and default file handle locations in the Makefile and config.h
respectively.

Make sure libpcap and its libraries are installed!

On Linux kernel-based systems:
	cd netward-src
	make linux && make install

On FreeBSD systems:
	cd netward-src
	make freebsd && make install

On Darwin (osX/MAC/whatever it is...) you need to turn the optimizer
completely off. In the Makefile change:

 -O2 

to

 -O0

The version of gcc that ships with the developer package is broken as all hell.

NOTES
-----
- Fusion guests running Linux refuse to switch into promiscuous mode.
  This is a problem with Fusion, not Linux or netward (or pcap).
- On regular VMware guests, run netward as root, not via sudo.
- FreeBSD guests work fine in GSX and Fusion.

AUTHORS
-------
Jason (Jay) R. Fink
<jay.fink@gmail.com>
http://systhread.net/about/resume.html

CREDITS
-------
A special thanks goes to all of the following:

The Denial of Service software was originally written for *dosdetect* by:
- Krzysztof Pawlowski <msciciel@darkzone.ma.cx> - Author & Developer
- Bartosz Ponurkiewicz <cz00bek@wp.pl> - Developer

- Steve Dickinson does continuous testing on Debian, FreeBSD, Darwin plus
  VMware guests.

- The entire tcpdump/libpcap team (http://www.tcpdump.org/) without whom
  none of this would be possible (or it would look really ugly...)

- Sourceforge for hosting CVS
