Snort

Description

Snort is the foremost open-source Intrusion Prevention System (IPS) in the world. It is an open-source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort is freely downloadable from the Snort home page, with the difference between the free and commercial versions being the rulesets used by the tool. Ruleset annual pricing is $29.99 for individuals or $399 per sensor for businesses. You can run a Snort sensor on the community ruleset, but you get the latest updates 30 days after paid subscribers do.

Tool Type

• Intrusion Prevention System (IPS)
• Intrusion Detection System (IDS)
• Network protocol analyzer

More Information

• Your starting point for rule creation, tool installation, and troubleshooting documentation is the official Snort documentation page
• Learn more about creating rules with this step-by-step illustrated guide, including a tip for viewing packet captures via Wireshark
• Another guide to installing and configuring Snort and all the necessary support tools from LinuxHint
• A tutorial on how to read and write Snort rules, focusing on learning how to evade the system