Snort

Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule based language to describe traffic that it should collect or pass, and a modular detection engine. Snort has a real-time alerting capability, with alert mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

Tags

analysis bsd c detection ethernet firewall hacking ids infosec inline intrusion ips ipv4 ipv6 linux logging monitoring network networking osx packet-analyzer packetcapture packetfiltering packet-inspection packetinspection packets pcap security sguil sniffer snort snortrules ssh sysadmin tcp tcpdump tcpip technology tools unix utilities vlan web windows