Snort (software)
   HOME

TheInfoList



Click Here for Items Related To - Snort (software)
OR:
Snort (software) on:   [Wikipedia]   [Google]   [Amazon]

Snort is a free
open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
network intrusion detection system (IDS) and intrusion prevention system (IPS) created in 1998 by Martin Roesch, founder and former CTO of
Sourcefire Sourcefire, Inc was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired ...
. Snort is now developed by
Cisco Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, ...
, which purchased Sourcefire in 2013. In 2009, Snort entered
InfoWorld ''InfoWorld'' (abbreviated IW) is an information technology media business. Founded in 1978, it began as a monthly magazine. In 2007, it transitioned to a web-only publication. Its parent company today is International Data Group, and its siste ...
's Open Source Hall of Fame as one of the "greatest ieces ofopen source software of all time".


Uses

Snort's open-source network-based intrusion detection/prevention system (IDS/IPS) has the ability to perform real-time traffic analysis and packet logging on
Internet Protocol The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. ...
(IP) networks. Snort performs protocol analysis, content searching and matching. The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts,
semantic URL attack In a semantic URL attack, a client manually adjusts the parameters of its request by maintaining the URL's syntax but altering its semantic meaning. This attack is primarily used against CGI driven websites. A similar attack involving web bro ...
s,
buffer overflow In information security and programming, a buffer overflow, or buffer overrun, is an anomaly whereby a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Buffers are areas of memo ...
s,
server message block Server Message Block (SMB) is a communication protocol originally developed in 1983 by Barry A. Feigenbaum at IBM and intended to provide shared access to files and printers across nodes on a network of systems running IBM's OS/2. It also provides ...
probes, and stealth port scans. Snort can be configured in three main modes: 1. sniffer, 2. packet logger, and 3. network intrusion detection.


Sniffer Mode

The program will read network packets and display them on the console.


Packet Logger Mode

In packet logger mode, the program will log packets to the disk.


Network Intrusion Detection System Mode

In intrusion detection mode, the program will monitor network traffic and analyze it against a rule set defined by the user. The program will then perform a specific action based on what has been identified.


Third-party tools

There are several third-party tools interfacing Snort for administration, reporting, performance and log analysis: * Snorby – a
GPLv3 The GNU General Public License (GNU GPL or simply GPL) is a series of widely used free software licenses that guarantee end users the four freedoms to run, study, share, and modify the software. The license was the first copyleft for general u ...
Ruby on Rails Ruby on Rails (simplified as Rails) is a server-side web application framework written in Ruby under the MIT License. Rails is a model–view–controller (MVC) framework, providing default structures for a database, a web service, and we ...
application * BASE *
Sguil Sguil (pronounced ''sgweel'' or ''squeal'') is a collection of free software components for Network Security Monitoring (NSM) and event driven analysis of IDS alerts. The sguil client is written in Tcl/ Tk and can be run on any operating system ...
(free)


See also

*
List of free and open-source software packages This is a list of free and open-source software packages, computer software licensed under free software licenses and open-source licenses. Software that fits the Free Software Definition may be more appropriately called free software; the GNU ...
* Sigma * Suricata (software) *
YARA Yara may refer to: People * YARA (girl group), a Filipino girl group * Yara (given name) * Yara (surname), a Japanese surname * Yara (singer) (born 1983), Lebanese pop singer * Yara (footballer) (born 1964), Brazilian footballer Locations * Y ...
*
Zeek Zeek is a free and open-source software network analysis framework. Vern Paxson began development work on Zeek in 1995 at Lawrence Berkeley National Lab. Zeek is a network security monitor (NSM) but can also be used as a network intrusion detect ...


References


External links

*
Snort Blog

Talos Intelligence

Grabify Alternatives to IP Logger
{{DEFAULTSORT:Snort (Software) Free security software Computer security software Linux security software Unix network-related software Lua (programming language)-scriptable software Intrusion detection systems