Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more. Snort has three primary uses: as a straight packet sniffer like tcpdump(1), as a packet logger (useful for network traffic debugging, etc.), or as a full-blown network intrusion detection system. Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host. It should work any place libpcap does. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. It also has real-time alerting capabilities.
Documentation
User FAQ available from http://www.snort.org/; see the same URL for a complete list of documentation; user manpage included in the distribution
- IRC development channel
released on 22 April 2005
|License||Verified by||Verified on||Notes|
|GPLv2||Janet Casey||3 July 2001|
Leaders and contributors
Resources and communication
|Support||Mailing List Info/Archive||http://lists.sourceforge.net/mailman/listinfo/snort-users|
|Developer||VCS Repository Webview||http://sourceforge.net/cvs/?group_id=3357|
|Help||Mailing List Info/Archive||http://lists.sourceforge.net/mailman/listinfo/snort-announce|
|Bug Tracking,Developer||Mailing List Info/Archive||http://lists.sourceforge.net/mailman/listinfo/snort-devel|
|Required to use||libpcap|
|Required to build||libpcap|
This entry (in part or in whole) was last reviewed on 19 July 2005.