Perhaps a server is sending out more HTTP activity than usual or a new host has been seen inside your DMZ.Both are typically deployed in the same manner, though one could make the case you could easily (and people have) create an anomaly-based IDS on externally-collected netflow data or similar traffic information.While it does many cool things out of the box many of those things aren't immediately actionable and may be difficult to interpret.Summary: Just as Snort became the standard for network intrusion, Kismet is the baseline for wireless IDS.Though then it really wasn't a true IDS, its destiny had been written.
IDS will tell you an employee was using Gtalk, uploading to Box, or spending all their time watching Hulu instead of working. I'm sure everyone remembers 1998 as the year a version of Windows came out but it was also the year that Martin Roesch first released Snort.
Want to download files seen on the wire, submit them for malware analysis, notify you if a problem is found then blacklist the source [no longer available] and shutdown the user's computer who downloaded it?
Want to track the usage patterns of a user after they've contacted an IP from a reputation database?
Wireless IDS deals less with the packet payload but more with strange things happening inside the wireless protocols(mostly 802.11) and functions.
WIDS will find unauthorized Access Points (Rogue AP Detection), perhaps one created by an employee accidentally(yes, I've seen that) that opens a network up.
HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes.