SNORT

Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more.

Snort has three primary uses: as a straight packet sniffer like tcpdump(1), as a packet logger (useful for network traffic debugging, etc.), or as a full-blown network intrusion detection system. Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host. It should work any place libpcap does.

Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. It also has real-time alerting capabilities.

Last updated 19 Jul, 2005



License(s): GPLv2


About

Leadership
Requirements
  • libpcap (Use Requirement)
  • libpcap (Build Prerequisite)
Related Projects

RazorBack, Snort-rep, libpcap, mod_security, scanlogd, tcpdump

Subprograms

See the /contrib/README file in the distribution for a complete list

Versions

2.3.3

2.3.3 stable released 2005-04-22

User Community and Support

User FAQ available from http://www.snort.org/; see same URL for complete list of documentation; user manpage included in the distribution



Copyright © 2000 - 2009 Free Software Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301, USA

The copyright licensing notice below applies to this text. Any software described in this text has its own copyright notice and license, which can usually be found in the distribution itself.

Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts.