Snort

Snort is a network-based intrusion detection and prevention system written in C. Snort sniffs network packets on the wire, analyzes packet contents against known attack signatures, and logs any suspicious activity and potential intrusion attempts in a backend database for offline analysis. Snort’s intrusion detection proceeds in steps: packet decoding, protocol-specific preprocessing (e.g., IP defragmentation, TCP/UDP session building, TCP reassembly), inspection (e.g., protocol analysis, payload pattern matching), and output (e.g., syslog, packet dump, UNIX socket). Snort’s packet acquisition module is pluggable, supporting different packet capture interfaces (e.g., libpcap, AFPacket, IPQ, NFQ, IPFW, PF_RING). Snort can be integrated with third-party tools such as Snorby (web-based monitoring front-end), Sguil (event-driven alert analysis), Barnyard (Snort’s binary log processor) and PulledPork (Snort rule manager).


  • Website: https://www.snort.org/
  • Platform: Cross-platform
  • License: GNU GPLv2+ and non-commercial use license for Snort rules
  • Documentation: https://www.snort.org/documents
  • Source repository: git
  • Community: mailing list
  • Similar Software

    Bro: Bro is an open-source network monitoring and intrusion detection system written in C++. Bro collects live packets via the libpcap interface, analyzes packet contents, generates events from the analys...
    OSSEC: OSSEC is an open-source host-based intrusion detection system written in C. In OSSEC, a centralized OSSEC manager stores events sent by the OSSEC agent deployed on individual hosts, and captures syste...
    Suricata: Suricata is an open-source intrusion detection and prevention system (IDS/IPS) developed by the Open Information Security Foundation (OISF). It features a modularized and multi-threaded architecture ...
    fail2ban: fail2ban is a Python-based intrusion prevention software that can protect various services on Linux. It works by analyzing system and application log files (e.g., /var/log/auth.log, /var/log/apache/e...
