What is Snort?
Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.
SNORT is an open source network intrusion prevention system capable of performing real-time traffic analysis and packet logging on IP networks. Snort can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort is comprised of two major components: (i) a detection engine that utilizes a modular plug-in architecture (the "Snort Engine") and (ii) a flexible rule language to describe traffic to be collected (the "Snort Rules").NOTE:
Sourcefire Vulnerability Research Team (VRT) Rules are the official rules of snort.org. Real-time access
to VRT Certified Rules Updates requires a paid subscription
. If you are a registered user of Snort.org
, you can get the VRT rules free of charge but 30 days after their initial release date
Other Operating Systems:Libpcap