Snort is a network-based intrusion detection and prevention system (IDS/IPS) written in C. Snort sniffs packets on the wire, compares their contents against rules that encode known attack signatures, and records alerts and the offending packets (to syslog, a binary unified2 log, or, through a log processor such as Barnyard2, a backend database) for later analysis; when deployed inline it can also drop or reject matching traffic. Snort’s detection pipeline proceeds in stages: packet decoding, protocol-specific preprocessing (e.g., IP defragmentation, TCP/UDP session tracking, TCP stream reassembly), inspection (e.g., protocol analysis, payload pattern matching against rule options such as content), and output (e.g., syslog, packet dump, UNIX socket). Snort’s packet acquisition module (DAQ) is pluggable and supports several capture interfaces (e.g., libpcap, AFPACKET, IPQ, NFQ, IPFW, PF_RING), which also determine whether Snort runs passively or inline. Snort integrates with a number of third-party tools, such as Snorby (web-based monitoring front-end), Sguil (event-driven alert analysis), Barnyard2 (Snort’s binary log processor) and PulledPork (Snort rule manager).
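The following is an added illustration of the inspection stage described above, namely matching packet headers and payloads against signature rules; it is not Snort's code, nor a faithful model of its detection engine. It implements a deliberately small subset of Snort rule syntax (action, protocol, exact-or-`any` addresses and ports, `content` with `|hex|` escapes, `nocase`, `msg`, `sid`) over packets already decoded into Python dictionaries, which stands in for the decoding and preprocessing stages. The rules and packets are constructed sample data.

```python
"""Toy Snort-style rule matcher (added example; not Snort's engine)."""
import re
from dataclasses import dataclass, field

# Rule header: action proto src sport -> dst dport (options)
HEADER_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$"
)
# Rule options: key[:value]; with quoted values allowed for msg/content
OPTION_RE = re.compile(r'([a-z_]+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    sid: int
    contents: list = field(default_factory=list)  # [pattern bytes, nocase flag]


def parse_content(raw: str) -> bytes:
    """Turn a content string such as 'GET /|2e 2e 2f|' into bytes.

    Text outside |...| is taken literally; text inside is hex (spaces allowed).
    """
    out = bytearray()
    for i, chunk in enumerate(raw.split("|")):
        out += chunk.encode("latin-1") if i % 2 == 0 else bytes.fromhex(chunk)
    return bytes(out)


def parse_rule(text: str) -> Rule:
    """Parse one single-line rule; unsupported options are ignored."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    action, proto, src, sport, dst, dport, body = m.groups()
    msg, sid, contents = "", 0, []
    for key, val in OPTION_RE.findall(body):
        val = val.strip()
        if key == "msg":
            msg = val.strip('"')
        elif key == "sid":
            sid = int(val)
        elif key == "content":
            contents.append([parse_content(val.strip('"')), False])
        elif key == "nocase" and contents:
            contents[-1][1] = True  # modifier applies to the preceding content
    return Rule(action, proto, src, sport, dst, dport, msg, sid, contents)


def _field_ok(spec: str, value) -> bool:
    return spec == "any" or spec == str(value)


def match(rule: Rule, pkt: dict) -> bool:
    """Header match first (cheap), then every content pattern must appear."""
    if rule.proto != "ip" and rule.proto != pkt["proto"]:
        return False
    if not (_field_ok(rule.src, pkt["src"]) and _field_ok(rule.sport, pkt["sport"])
            and _field_ok(rule.dst, pkt["dst"]) and _field_ok(rule.dport, pkt["dport"])):
        return False
    payload = pkt["payload"]
    for pattern, nocase in rule.contents:
        hay, needle = (payload.lower(), pattern.lower()) if nocase else (payload, pattern)
        if needle not in hay:
            return False
    return True


def run(rules, packets):
    """Return (sid, msg) for every alert rule that fires on every packet."""
    return [(r.sid, r.msg) for pkt in packets for r in rules
            if r.action == "alert" and match(r, pkt)]


# Constructed sample rules (hypothetical SIDs in the local range).
RULES = [parse_rule(r) for r in [
    'alert tcp any any -> any 80 (msg:"HTTP dir traversal"; content:"GET /"; content:"|2e 2e 2f|"; sid:1000001; rev:1;)',
    'alert tcp any any -> any 80 (msg:"Suspicious user agent"; content:"User-Agent: EvilBot"; nocase; sid:1000002; rev:1;)',
    'alert udp any any -> any 53 (msg:"DNS query for example.test"; content:"|07|example|04|test"; sid:1000003; rev:1;)',
]]

# Constructed sample packets, already decoded (proto/addresses/ports/payload).
PACKETS = [
    dict(proto="tcp", src="10.0.0.5", sport=51234, dst="192.0.2.10", dport=80,
         payload=b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\nUser-Agent: curl/8.0\r\n\r\n"),
    dict(proto="tcp", src="10.0.0.6", sport=51235, dst="192.0.2.10", dport=80,
         payload=b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nuser-agent: evilbot/1.0\r\n\r\n"),
    dict(proto="tcp", src="10.0.0.6", sport=51236, dst="192.0.2.10", dport=8080,
         payload=b"GET /../ HTTP/1.1\r\nUser-Agent: EvilBot\r\n\r\n"),  # port 8080: no rule applies
    dict(proto="udp", src="10.0.0.7", sport=40000, dst="192.0.2.53", dport=53,
         payload=b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x04test\x00\x00\x01\x00\x01"),
]


def alerts_for_sample():
    return run(RULES, PACKETS)


if __name__ == "__main__":
    for sid, msg in alerts_for_sample():
        print(f"[1:{sid}] {msg}")
```

The third packet shows why the header test matters: its payload would satisfy two rules, but the destination port is outside the rule header, so no alert fires. Real Snort additionally evaluates options such as offset, depth, distance and pcre, uses a multi-pattern matcher rather than a linear scan, and applies content matching to the reassembled stream rather than to individual packets.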