---------------------------------------------------------------------------- >I get the sense that freeware is now lagging the commercial market, in terms >of available features. Freeware tends to lag; there's less incentive for the authors to keep things up to date and they often have "real jobs" and other hassles. For IDS, you might want to take a look at NFR. It's freely available in source code form, from www.nfr.net. There's a white paper on what it does and how it works on: http://www.nfr.net/forum/publications/LISA-97.htm The NFR by itself isn't an IDS -- it's kind of the ultimate bottom half of an IDS, with a strong forensic capability and historical statistics built in. I think it rocks, but I'm biassed. :) NFR can easily be used for simple ID, by programming it to look for certain types of events/changes in the network, new networks, protocols, etc. Full source and docs are on the website for free non-commercial and research use. Enjoy! mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr