Software that performs packet sniffing and network traffic analysis to identify suspicious activity and record relevant information.
Source(s):
NIST SP 800-86