Hi all,

I plan to develop an intrusion detection system for educational purposes and asked for a start in the general programming section. After understanding what an IDS is, I would love to ask some questions related to how to go on programming it. (I am confused whether to start a new thread or not.)

First things first,
I would love to build a network-based IDS first, and if time is left I would definitely love to add a System Integrity Verifier (SIV).
So I will keep my discussion to a NIDS only.

The broad steps which I need to take (according to my understanding) are:

1. PACKET SNIFFER:
It logs all the inbound and outbound traffic.

2. ANOMALY DETECTION ON THE BASIS OF SIGNATURES:
I don't know how this can be done, so please help.

3. TAKING ACTION:
* This could either be reporting to the admin,
* or blocking the access.

Now some questions (I know there are some great guys here):

## The above-mentioned design doesn't look perfect; could you please suggest something?

## I have not begun coding, so if you suggest any good advice I will change my approach.

## The choice of programming language: should I stick to C, or go toward a scripting language like Perl, PHP, etc.? What are useful libraries like libpcap, or how can tcpdump be used?


## It would be so nice of you guys if you could suggest details related to the steps, especially the 1st and 2nd ones.
Give some insight on how things are done in reality.

## Point to some code that could be helpful.

I would be happy if I could detect port scan attacks and DDoS attacks at this instant of time.

P.S.: I am new to programming related to networking,
and the present aim of my IDS is to understand the basic concepts, and by God's grace, if it turns out to be a nice one then that's great.

P.P.S.: I am new to this forum, so I am yet to explore it fully.
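The post above asks how steps 1 and 2 of a NIDS are done in practice, and for code that detects port scans and SYN floods. The block below is an added example written for this thread, not code from the original poster. It shows the two pieces that sit behind a sniffer: decoding IPv4/TCP headers from raw packet bytes (the bytes a libpcap/tcpdump capture hands you; here they are constructed with struct so the block runs offline, with checksums left at zero), and a sliding-window detector that raises a port-scan alert when one source sends bare SYNs to many distinct ports, and a SYN-flood alert when one destination receives too many bare SYNs per second. The thresholds (15 ports in 10 s, 100 SYNs in 1 s), host addresses and port numbers are assumptions chosen for illustration; a real deployment tunes them to its traffic.

```python
"""Minimal NIDS pieces: IPv4/TCP header decoding plus port-scan and SYN-flood detection.

Added example for this thread; packets are constructed in-memory (no capture needed).
"""
import struct
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10  # TCP flag bits


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_syn(src, dst, sport, dport, flags=SYN):
    """Constructed test packet: 20-byte IPv4 header + 20-byte TCP header, checksums zeroed."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         ip_to_bytes(src), ip_to_bytes(dst))
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)
    return ip_hdr + tcp_hdr


def parse_ipv4_tcp(pkt):
    """Decode the fields a detector needs; return None for anything that is not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # header length, options included
    if ihl < 20 or len(pkt) < ihl + 20 or pkt[9] != 6:  # protocol 6 = TCP
        return None
    src, dst = bytes_to_ip(pkt[12:16]), bytes_to_ip(pkt[16:20])
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "flags": off_flags & 0x1FF}


class Detector:
    """Sliding-window counters; each (kind, host) alert fires once (assumed thresholds)."""

    def __init__(self, scan_window=10.0, scan_ports=15, flood_window=1.0, flood_syns=100):
        self.scan_window, self.scan_ports = scan_window, scan_ports
        self.flood_window, self.flood_syns = flood_window, flood_syns
        self.scan_hist = defaultdict(deque)   # src -> deque of (ts, dport)
        self.flood_hist = defaultdict(deque)  # dst -> deque of ts
        self.alerted = set()

    def observe(self, ts, pkt):
        alerts = []
        # Only a bare SYN is a new connection attempt; SYN/ACK replies are ignored.
        if not (pkt["flags"] & SYN) or pkt["flags"] & ACK:
            return alerts
        # Port scan: one source touching many distinct ports inside the window.
        q = self.scan_hist[pkt["src"]]
        q.append((ts, pkt["dport"]))
        while ts - q[0][0] > self.scan_window:
            q.popleft()
        ports = {p for _, p in q}
        key = ("PORT_SCAN", pkt["src"])
        if len(ports) >= self.scan_ports and key not in self.alerted:
            self.alerted.add(key)
            alerts.append(("PORT_SCAN", pkt["src"], len(ports)))
        # SYN flood: one destination receiving too many bare SYNs inside the window.
        t = self.flood_hist[pkt["dst"]]
        t.append(ts)
        while ts - t[0] > self.flood_window:
            t.popleft()
        key = ("SYN_FLOOD", pkt["dst"])
        if len(t) >= self.flood_syns and key not in self.alerted:
            self.alerted.add(key)
            alerts.append(("SYN_FLOOD", pkt["dst"], len(t)))
        return alerts


def simulate(packets, detector=None):
    """Feed (timestamp, raw_bytes) pairs through parser and detector; return all alerts."""
    detector = detector or Detector()
    alerts = []
    for ts, raw in packets:
        pkt = parse_ipv4_tcp(raw)
        if pkt is not None:
            alerts.extend(detector.observe(ts, pkt))
    return alerts


def scan_traffic():
    """Constructed: one host probing ports 1..20 of a target at 0.1 s spacing."""
    return [(0.1 * i, build_syn("10.0.0.5", "192.168.1.10", 40000 + i, i)) for i in range(1, 21)]


def flood_traffic():
    """Constructed: 150 distinct sources each sending one SYN to port 80 within one second."""
    return [(i / 150, build_syn(f"172.16.{i // 256}.{i % 256}", "192.168.1.10", 1024 + i, 80))
            for i in range(150)]


def benign_traffic():
    """Constructed: a client opening three connections, plus the server's SYN/ACK replies."""
    pkts = []
    for i, dport in enumerate((80, 443, 80)):
        pkts.append((float(i), build_syn("10.0.0.7", "192.168.1.10", 50000 + i, dport)))
        pkts.append((i + 0.01, build_syn("192.168.1.10", "10.0.0.7", dport, 50000 + i, SYN | ACK)))
    return pkts


if __name__ == "__main__":
    for name, traffic in (("scan", scan_traffic()), ("flood", flood_traffic()), ("benign", benign_traffic())):
        print(name, simulate(traffic))
```

In a real NIDS the `build_syn` calls are replaced by frames read from libpcap (the library behind tcpdump), and the thresholds become configuration; the parse-then-window-then-alert structure stays the same.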