Snort
Snort is an open source network intrusion detection and prevention
system (IDS/IPS) driven by a rules language that combines the
benefits of signature-based, protocol-based and anomaly-based
inspection methods.
It can perform real-time traffic analysis, alerting, blocking
and packet logging on IP networks. It combines protocol analysis
with pattern matching to detect anomalies, misuse and attacks,
including buffer overflows, stealth port scans, CGI attacks,
SMB probes, OS fingerprinting attempts and much more.
Snort uses a flexible rules language to describe activity that
should be considered malicious or anomalous, together with an analysis
engine built on a modular plugin architecture. Snort can detect and
respond in real time: sending alerts, performing session sniping
(tearing down an offending TCP connection with injected resets),
logging packets, or dropping sessions/packets when deployed in-line.
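The rule-driven matching described above, as an added example that is not part of the original page and not Snort's own code: a toy Python matcher that parses a small subset of Snort rule syntax (the rule header plus the msg, content, nocase and sid options, with |..| hex bytes inside content) and evaluates it against constructed packets. The $HOME_NET and $EXTERNAL_NET values, the three rules and their sids (chosen in the local-rule range, not taken from any published ruleset), and the packets are all assumptions made for the illustration; real Snort additionally runs preprocessors, stream reassembly and many more rule options before a rule is evaluated.

```python
# Toy matcher for a subset of the Snort rule language; an added illustration, not Snort's own engine.
import ipaddress
import re

# Network variables as snort.conf would define them (assumed values).
VARS = {"$HOME_NET": ["192.168.1.0/24"], "$EXTERNAL_NET": ["!$HOME_NET"]}
# Constructed rules; sids are hypothetical local-rule ids (>= 1000000), not from any published ruleset.
RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-CGI phf access"; content:"/cgi-bin/phf"; nocase; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SMB probe"; content:"|FF|SMB"; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 6660:6669 (msg:"Outbound IRC nick registration"; content:"NICK "; sid:1000003; rev:1;)
'''
HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")

def split_options(body):
    """Split the rule body on ';' characters that are outside double quotes."""
    opts, cur, in_quote = [], [], False
    for ch in body:
        in_quote ^= (ch == '"')
        if ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    return [o for o in opts + ["".join(cur).strip()] if o]

def parse_content(text):
    """content string -> bytes; |..| segments are hex, so "|FF|SMB" is byte 0xFF followed by b"SMB"."""
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode("latin-1") for i, p in enumerate(text.split("|")))

def parse_rule(line):
    m = HEADER_RE.match(line.strip())
    if not m: raise ValueError("unparseable rule: " + line)
    action, proto, src, sport, dst, dport, body = m.groups()
    rule = dict(action=action, proto=proto, src=src, sport=sport, dst=dst, dport=dport, msg="", sid=None, contents=[])
    for opt in split_options(body):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip()
        if key == "msg":
            rule["msg"] = val.strip('"')
        elif key == "sid":
            rule["sid"] = int(val)
        elif key == "content":
            rule["contents"].append([parse_content(val.strip('"')), False])
        elif key == "nocase":  # modifier applies to the preceding content
            rule["contents"][-1][1] = True
        # other options (rev, flow, ...) are accepted but ignored here
    return rule

def load_rules(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]

def addr_matches(spec, ip):
    """any, CIDR, !negation and $VARS, resolved recursively."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip)
    if spec in VARS:
        return any(addr_matches(s, ip) for s in VARS[spec])
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def port_matches(spec, port):
    """any, single port, lo:hi range (open ends allowed) and !negation."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not port_matches(spec[1:], port)
    lo, sep, hi = spec.partition(":")
    if not sep:
        return int(lo) == port
    return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)

def header_matches(rule, pkt):
    return (rule["proto"] in ("ip", pkt["proto"])
            and addr_matches(rule["src"], pkt["src"]) and port_matches(rule["sport"], pkt["sport"])
            and addr_matches(rule["dst"], pkt["dst"]) and port_matches(rule["dport"], pkt["dport"]))

def payload_matches(rule, payload):
    """Every content option must be present (Snort ANDs them); nocase folds case."""
    return all((n.lower() in payload.lower()) if nocase else (n in payload) for n, nocase in rule["contents"])

def match_packet(rules, pkt):
    """(sid, msg) for every rule whose header and payload options both match."""
    return [(r["sid"], r["msg"]) for r in rules if header_matches(r, pkt) and payload_matches(r, pkt["payload"])]

def make_pkt(src, sport, dst, dport, payload):
    return dict(proto="tcp", src=src, sport=sport, dst=dst, dport=dport, payload=payload)

PACKETS = [  # constructed, decoded fields only; no real capture
    make_pkt("203.0.113.5", 51234, "192.168.1.10", 80, b"GET /CGI-BIN/PHF?Qalias=x HTTP/1.0\r\n"),  # nocase hit
    make_pkt("203.0.113.5", 51235, "192.168.1.10", 445, b"\x00\x00\x00\x85\xffSMBr\x00\x00\x00\x00"),  # hex content hit
    make_pkt("192.168.1.20", 40000, "198.51.100.7", 6667, b"NICK bot123\r\n"),  # port range hit
    make_pkt("192.168.1.10", 80, "203.0.113.5", 51234, b"/cgi-bin/phf"),  # reply direction: must not fire
    make_pkt("203.0.113.5", 51240, "192.168.1.10", 80, b"GET /index.html HTTP/1.0\r\n"),  # header matches, content does not
]

if __name__ == "__main__":
    ruleset = load_rules(RULES)
    for p in PACKETS:
        print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} alerts={match_packet(ruleset, p)}")
```

Three properties of the rule language show up in the output: the header is evaluated first and direction matters (the reply packet carrying "/cgi-bin/phf" from $HOME_NET never reaches content matching), every content option in a rule must match, and nocase is a modifier attached to the content option that precedes it, not a rule-wide flag.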
Features include:
- Three primary functional modes:
  - Packet sniffer, like tcpdump
  - Packet logger (useful for network traffic debugging, etc.)
  - Full-blown network intrusion detection and prevention system
- TCP stream reassembly
- Stateful protocol analysis
- IP defragmentation
- Logging of the full packet whenever an alert is generated
Last Updated Sunday, March 04 2012 @ 12:37 PM EST