Network intrusion prevention and detection system
Combining database signatures with anomaly-based scanning, Snort is capable of detecting unwanted intrusions and features real-time analysis and alerts. In order to work properly, the application requires WinPcap, a tool that provides direct packet access, allowing it to read raw network data.
Having a Snort sensor up and running requires solid command line, network protocol functioning and IDS knowledge, thus beginner users might need to take their time to go through the documentation in order to learn how things work.
The application can be used as a packet sniffer and logger, monitoring the network traffic in real-time, displaying the TCP/IP packet headers and recording the packets to a logging directory or a database (MySQL, Oracle, Microsoft SQL Server, and ODBC are supported). However, the real power of Snort resides in its intrusion detection capabilities, since it can analyze network traffic and warn you about unusual events, vulnerabilities or exploits.
The user customizable rules are similar to a firewall application and define the behavior of Snort in the IDS mode. You can set them up by editing the configuration file, which can also include application-specific rules (for SMTP e-mail connections, SSH and so on).
The program analyzes the sent and received packets and determines whether any of them represent a possible threat. The packets that trigger rules can be logged in ASCII or binary format, the latter being recommended for keeping up with a fast LAN.
Snort benefits from large community support with significant contribution to the rule database, which guarantees its reliability. Whether you use it for real-time traffic analysis and logging or as an IDS / IPS appliance, it is a powerful network security tool that professional users are surely to appreciate.
Reviewed by Mihaela Citea, last updated on October 28th, 2014
In a hurry? Add it to your Download Basket!
What's New in This Release:
- New additions:
- Application Identification Preprocessor, when used in conjunction with open app ID detector content, that will identify application protocol, client, server, and web applications (including those using SSL) and include the info in Snort alert data. In addition, a new rule option keyword 'appid' that can be used to constrain Snort rules based on one or more applications that are identified for the connection.
- A new protected_content rule option that is used to match against a content that is hashed. It can be used to obscure the full context of the rule from the administrator.
- Protocol Aware Flushing (PAF) improvements for SMTP, POP, and IMAP to more accurately process different portions of email messages and file attachments.
Application descriptionSnort is a powerful network intrusion prevention system, capable of performing real-time traffic analysis an...