Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods.
It can perform real-time traffic analysis, alerting, blocking and packet logging on IP networks. It uses a combination of protocol analysis and pattern matching to detect anomalies, misuse and attacks. It detects a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort uses a flexible rules language to describe activity that can be considered malicious or anomalous as well as an analysis engine that incorporates a modular plugin architecture. Snort is capable of detecting and responding in real-time, sending alerts, performing session sniping, logging packets, or dropping sessions/packets when deployed in-line.
Key Features
- 3 primary functional modes:
  - Packet sniffer, like tcpdump.
  - Packet logger (useful for network traffic debugging etc.).
  - Full-blown network intrusion detection and prevention system.
- Performs TCP stream reassembly.
- Stateful protocol analysis.
- Handles IP defragmentation.
- Logs the full packets when alerts are generated.
- Supports multiple packet processing threads.
- Uses a shared configuration and attribute table.
- Uses a simple, scriptable configuration.
- Key components are pluggable.
- Autodetects services for portless configuration.
- Supports sticky buffers in rules.
- Autogenerates reference documentation.
- Provides better cross-platform support.
- Facilitates component testing.
- Uses a shared network map.
Website: www.snort.org
Support: Documentation, GitHub Code Repository
Developer: Cisco Systems
License: GNU General Public License v2.0
Snort is written in C++. Learn C++ with our recommended free books and free tutorials.
Related Software
| Network Intrusion Detection Systems | Description |
|---|---|
| Snort | Intrusion detection/prevention with real-time traffic analysis/packet logging |
| Suricata | High performance Network IDS, IPS and Network Security Monitoring engine |
| Zeek | (formerly Bro) Powerful network analysis framework |
| Maltrail | Lightweight malicious traffic detection system |
| Security Onion | Platform built by defenders for defenders |
| Kismet | Wireless intrusion detection, wireless network and device detector, and more |
| psad | Intrusion detection and log analysis with iptables |
| Sagan | Multi-threaded, high performance log analysis engine |