Snort - Network Intrusion Prevention and Detection System

Snort is an open source network Intrusion Prevention and Detection System (IDS/IPS). It is based on libpcap (the packet capture library).

The libpcap, PCRE, Libnet and Barnyard software packages are required to run Snort.

Snort can be run in three modes:

1. Sniffer mode: Reads packets off the network and displays them on the console.

2. Packet Logger mode: Logs the packets to disk.

3. Network Intrusion Detection System (NIDS) mode: A complex and configurable mode in which Snort analyzes the network traffic against user-defined rules and performs various actions.

Snort monitors the computer/network in real time, and when it detects any suspicious behaviour, it sends an alert to syslog or displays a pop-up window.
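A simplified model of NIDS mode, as an added example that is not part of the original page and not Snort's own code: a constructed rule in Snort's rule syntax is parsed and checked against constructed packets, and each match yields an alert line. The matcher covers only the protocol, address, port and `content` fields; the rule, the packets and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed local rule in Snort rule syntax (sids >= 1000000 are used for local rules).
RULE = ('alert tcp any any -> 192.168.1.0/24 80 '
        '(msg:"Constructed example: /etc/passwd in HTTP request"; '
        'content:"/etc/passwd"; sid:1000001; rev:1;)')

def parse_rule(text):
    """Split a rule into its header fields and a dict of options (simplified subset)."""
    header, options = re.match(r'(.+?)\s*\((.*)\)\s*$', text).groups()
    action, proto, src, sport, _direction, dst, dport = header.split()
    opts = {k: v.strip('"')
            for k, v in re.findall(r'(\w+)\s*:\s*("[^"]*"|[^;]+);', options)}
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": opts}

def _ok(ip_spec, ip, port_spec, port):
    """One side of the header: 'any' is a wildcard for address and port."""
    ip_hit = ip_spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(ip_spec)
    return ip_hit and (port_spec == "any" or int(port_spec) == port)

def match(rule, pkt):
    """Return an alert line if the packet matches the rule, else None."""
    if rule["proto"] != pkt["proto"]:
        return None
    if not (_ok(rule["src"], pkt["src"], rule["sport"], pkt["sport"])
            and _ok(rule["dst"], pkt["dst"], rule["dport"], pkt["dport"])):
        return None
    content = rule["opts"].get("content")
    if content and content.encode() not in pkt["payload"]:
        return None
    return "[%s] [sid:%s] %s %s:%d -> %s:%d" % (
        rule["action"], rule["opts"]["sid"], rule["opts"]["msg"],
        pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

# Constructed packets standing in for captured traffic.
PACKETS = [
    {"proto": "tcp", "src": "203.0.113.7", "sport": 40112, "dst": "192.168.1.10",
     "dport": 80, "payload": b"GET /etc/passwd HTTP/1.1\r\n"},   # matches
    {"proto": "tcp", "src": "203.0.113.7", "sport": 40113, "dst": "192.168.1.10",
     "dport": 80, "payload": b"GET /index.html HTTP/1.1\r\n"},   # content absent
    {"proto": "tcp", "src": "203.0.113.7", "sport": 40114, "dst": "10.0.0.5",
     "dport": 80, "payload": b"GET /etc/passwd HTTP/1.1\r\n"},   # outside dst network
]

def run():
    rule = parse_rule(RULE)
    return [a for a in (match(rule, p) for p in PACKETS) if a]
```

Only the first packet produces an alert: the second lacks the `content` string and the third falls outside the rule's destination network.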