Shoki is a free, open source network intrusion detection system for conducting traffic analysis.

The fundamental design goals of shoki are:

Major features include:

Additional features include:

Mailing List

A mailing list exists for general discussion of the design and implementation of the shoki NIDS. You can subscribe to the mailing list here.


The readme from the distribution. It contains information about the requirements for installing shoki, as well as the tricks and traps involved in getting it set up at this stage of development.
The changelog from the distribution.
User's Guide
The shoki users guide, which includes installation instructions, configuration instructions, and additional details about shoki.
Packet Hustler Documentation
Documentation and screenshots of hustler(1), a 3D GUI for visualisation of packet data.
Man Pages
HTML versions of the man pages
Network Symbology
Information about the peculiar network symbols used in the shoki documentation (and the logo)


You can download the latest shoki release from the project's homepage at .


Any and all comments, questions, and suggestions are welcome. Don't hesitate to send mail to or directly to the primary author

SourceForge Logo

[Shoki Homepage] []