Snort (software)

Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) created in 1998 by Martin Roesch, founder and former CTO of Sourcefire. Snort is now developed by Cisco, which purchased Sourcefire in 2013. In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time".


Uses

Snort's open-source network-based intrusion detection/prevention system (IDS/IPS) has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching and matching. The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, semantic URL attacks, buffer overflows, server message block (SMB) probes, and stealth port scans. Snort can be configured in three main modes: 1. sniffer, 2. packet logger, and 3. network intrusion detection.


Sniffer Mode

The program will read network packets and display them on the console.


Packet Logger Mode

In packet logger mode, the program will log packets to the disk.


Network Intrusion Detection System Mode

In intrusion detection mode, the program will monitor network traffic and analyze it against a rule set defined by the user. The program will then perform a specific action based on what has been identified.
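The rule-matching step described above, as an added illustration that is not Snort's own code: a small Python evaluator for a simplified subset of Snort's rule syntax (header plus `msg`, `content` and `sid` options only), run over constructed packets. The function names, addresses, SIDs and payloads are assumptions made for the example.

```python
import ipaddress
import re

# Constructed rules in a simplified subset of Snort's rule syntax
# (header plus msg/content/sid options); addresses and SIDs are illustrative.
RULES = '''
alert tcp any any -> 192.168.1.0/24 445 (msg:"SMB probe"; sid:1000001;)
alert tcp any any -> any 80 (msg:"Path traversal in URL"; content:"../"; sid:1000002;)
log udp any any -> any 53 (msg:"DNS query"; sid:1000003;)
'''
RULE_RE = re.compile(
    r'(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)$')

def parse_rules(text):
    """Turn each rule line into a dict of header fields and options."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        action, proto, src, sport, dst, dport, body = RULE_RE.match(line).groups()
        opts = dict(re.findall(r'(\w+):"?([^";]*)"?;', body))
        rules.append(dict(action=action, proto=proto, src=src, sport=sport,
                          dst=dst, dport=dport, **opts))
    return rules

def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def port_ok(spec, port):
    return spec == "any" or int(spec) == port

def evaluate(rules, pkt):
    """Return (action, sid, msg) for every rule the packet matches."""
    return [(r["action"], int(r["sid"]), r["msg"]) for r in rules
            if r["proto"] == pkt["proto"]
            and addr_ok(r["src"], pkt["src"]) and port_ok(r["sport"], pkt["sport"])
            and addr_ok(r["dst"], pkt["dst"]) and port_ok(r["dport"], pkt["dport"])
            and r.get("content", "").encode() in pkt["payload"]]

# Constructed sample packets (documentation address ranges).
PACKETS = [
    dict(proto="tcp", src="203.0.113.7", sport=40000, dst="192.168.1.10",
         dport=445, payload=b"\x00\x00\x00\x2f"),
    dict(proto="tcp", src="203.0.113.7", sport=40001, dst="192.168.1.20",
         dport=80, payload=b"GET /app/../admin HTTP/1.1\r\n"),
    dict(proto="tcp", src="192.168.1.5", sport=40002, dst="192.168.1.20",
         dport=80, payload=b"GET /index.html HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for pkt in PACKETS:
        print(pkt["dst"], pkt["dport"], evaluate(rules, pkt) or "no match")
```

The first two packets each trigger one alert rule; the third matches the port-80 header but not the `content` pattern, so no action is taken.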


Third-party tools

There are several third-party tools that interface with Snort for administration, reporting, performance and log analysis:
* Snorby – a GPLv3 Ruby on Rails application
* BASE
* Sguil (free)


See also

* List of free and open-source software packages
* Sigma
* Suricata (software)
* YARA
* Zeek

