Wireshark and Packet Capture provided us with a view into network traffic and how much of it exists. How can a Security Analyst effectively use wireshark to detect attacks in real time? IDSs are poised to alleviate those short comings, A properly deployed IDS can provide a secure measure to detect network attacks based on their signature. The short comings of IDSs are that, it can really only help you against known attacks. Anything that is new is still hard to detect. Until someone creates a signature pattern to look for.
In the coming weeks, we will discuss IDSs as the technology. We will also attempt to install Snort IDS on a PC. And then we will make an effort to write some signature for simple network patterns to see if they can provide alerts on that type of behaviour.
Even I tried reading the CISSP book to know what is more industry based preference either Signature or anamoly based.But actually there is no perfect answer to it and it specifically mentions that it depends on organization culture and regulations under which it is working.There is no ids which can be ultimate superior and also carry its own advantage and disadvantages