Courtney is a tcpdump based portscan threshold detector written in perl as a response to SATAN. It operates by counting the number of new services a machine originates within a time window. If the threshold is exceeded by a host, it is flagged as a potential "SATAN" host. Results depend on your configuation of tcpdump, so this could potentially be used to detect any type of traffic that exceeds a certain threashold of events per unit of time (such as SYNs per minute).
e7b9d192fbac80a0226b6bd25a87a9307a71419ea1d3e85f4e869343ee6e59a4