Capabilities

Snort is an open-source intrusion prevention system offered by Cisco. It is capable of real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort can be used as a packet sniffer like tcpdump, a packet logger (useful for network traffic debugging, etc), network file logging device (capturing files in realtime from network traffic), or as a full blown network intrusion prevention system. The mission for Snort is to deliver the most effective and comprehensive real-time network defense solutions on the planet. Snort can be deployed inline to stop these packets, as well. Snort has three primary uses: As a packet sniffer like tcpdump, as a packet logger — which is useful for network traffic debugging, or it can be used as a full-blown network intrusion prevention system. Snort can be downloaded and configured for personal and business use alike.