SNORT
SNORT
http://www.snort.org/
Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more. Snort has three primary uses: as a straight packet sniffer like tcpdump(1), as a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host. It should work any place libpcap does. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. It also has real-time alerting capabilities.
Documentation
User FAQ available from http://www.snort.org/; see same URL for complete list of documentation; user manpage included in the distribution
IRC development channel- irc://irc.linux.com/snort
Related Projects
Download
Download 
version 2.3.3
(stable)
released on 22 April 2005
VCS Checkout
Categories
Licensing
| License | Verified by | Verified on | Notes |
|---|---|---|---|
| GPLv2 | Janet Casey | 3 July 2001 |
Leaders and contributors
| Contact(s) | Role |
|---|---|
 Martin Roesch | Maintainer |
Resources and communication
| Audience | Resource type | URI |
|---|---|---|
| Support | Mailing List Info/Archive | http://lists.sourceforge.net/mailman/listinfo/snort-users |
| Developer | VCS Repository Webview | http://sourceforge.net/cvs/?group_id=3357 |
| Bug Tracking | mailto:roesch@clark.net | |
| Help | Mailing List Info/Archive | http://lists.sourceforge.net/mailman/listinfo/snort-announce |
| Bug Tracking,Developer | Mailing List Info/Archive | http://lists.sourceforge.net/mailman/listinfo/snort-devel |
Software prerequisites
| Kind | Description |
|---|---|
| Required to use | libpcap |
| Required to build | libpcap |
This entry (in part or in whole) was last reviewed on 19 July 2005.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software described in this text has its own copyright notice and license, which can usually be found in the distribution itself.