Snort

Description

Snort is the foremost open-source Intrusion Prevention System (IPS) in the world. It is an intrusion prevention system capable of real-time traffic analysis and packet logging. Snort is freely downloadable from the Snort home page, with the difference between the free and commercial versions being the rulesets used by the tool. Ruleset annual pricing is $29.99 for individuals or $399 per sensor for businesses. You can run a Snort sensor on the community ruleset, but you get the latest updates 30 days after paid subscribers do.

Tool Type

• Intrusion Prevention System (IPS)
• Intrusion Detection System (IDS)
• Network protocol analyzer

More Information

• Your starting point for rule creation, tool installation, and troubleshooting documentation is the official Snort documentation page
• Learn more about creating rules with this step-by-step illustrated guide, including a tip for viewing packet captures via Wireshark
• Another guide to installing and configuring Snort and all the necessary support tools from LinuxHint
• A tutorial on how to read and write Snort rules, focusing on learning how to evade the system
• Another guide to running Snort, whether as an Intrusion Prevention System or a simple packet sniffer

Sample Use/Screenshots

• 

  Here is the man page's opening, showing just the available options for running Snort

• 

  A sample of /var/log/snort/snort.alert.fast output from a recently started Snort instance

• 

  A sample of Snort rules, this from the bad-traffic default rules

Similar Tools

• AIDE
• ESET Protect Advanced
• OSSEC
• SolarWinds Security Event Manager
• Zeek