Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.
Snort is capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Note to Windows users: If you're downloading Snort binaries, the only requirements are WinPcap and Barnyard.
In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.
Monitoring software may use libpcap and/or WinPcap to capture packets traveling over a network. libpcap and WinPcap also support saving captured packets to a file and reading files containing saved packets. Snort uses these files to read network traffic and analyze it.
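The capture-file format that libpcap and WinPcap write and Snort reads, as an added example in Python (not code from the page, Snort or libpcap): a minimal writer and reader that detect the file's byte order from the magic number and reject records whose lengths contradict the header. The sample frames are constructed here, not real traffic.

```python
import struct

PCAP_MAGIC_US = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_NS = 0xA1B23C4D   # libpcap variant with nanosecond timestamps
LINKTYPE_ETHERNET = 1        # value of the "network" field for Ethernet frames
GLOBAL_HDR = "IHHiIII"       # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, network
RECORD_HDR = "IIII"          # ts_sec, ts_frac, incl_len (captured), orig_len (on the wire)

def write_pcap(packets, snaplen=65535, endian="<"):
    """Serialise (ts_sec, ts_usec, frame_bytes) tuples into a pcap file image."""
    out = [struct.pack(endian + GLOBAL_HDR, PCAP_MAGIC_US, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, frame in packets:
        captured = frame[:snaplen]  # libpcap truncates at snaplen but records the original length
        out.append(struct.pack(endian + RECORD_HDR, ts_sec, ts_usec, len(captured), len(frame)))
        out.append(captured)
    return b"".join(out)

def read_pcap(blob):
    """Parse a pcap file image, detecting byte order from the magic number."""
    if len(blob) < 24:
        raise ValueError("truncated global header")
    endian = None
    for candidate in ("<", ">"):
        if struct.unpack(candidate + "I", blob[:4])[0] in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
            endian = candidate
    if endian is None:
        raise ValueError("not a pcap file: bad magic %s" % blob[:4].hex())
    magic, vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + GLOBAL_HDR, blob[:24])
    packets, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + RECORD_HDR, blob[off:off + 16])
        # Lengths that contradict the header mean a corrupt or hand-crafted file; never trust them blindly.
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("inconsistent record length at offset %d" % off)
        off += 16
        frame = blob[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet data at offset %d" % off)
        off += incl_len
        packets.append((ts_sec, ts_frac, frame))
    return {"version": (vmaj, vmin), "nanosecond": magic == PCAP_MAGIC_NS,
            "snaplen": snaplen, "linktype": linktype, "packets": packets}

# Constructed sample frames (not real traffic): a short one, and an 80-byte one that exceeds
# a 64-byte snaplen so that its record is truncated on capture while orig_len stays 80.
SAMPLE_PACKETS = [(1700000000, 123456, b"\x00" * 14 + b"constructed payload"),
                  (1700000001, 0, bytes(range(80)))]
```

Calling `read_pcap(write_pcap(SAMPLE_PACKETS, snaplen=64))` round-trips both frames, with the second one cut to 64 bytes; a file written with `endian=">"` parses to the same packets.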
Perl Compatible Regular Expressions (PCRE) is a regular expression C library inspired by Perl's external interface, written by Philip Hazel. The PCRE library is incorporated into a number of prominent open-source programs such as the Apache HTTP Server, the PHP and R scripting languages, and Snort.
Libnet is a generic networking API that provides access to several protocols.
Barnyard is an output system for Snort. Snort creates a special binary output format called "unified". Barnyard reads this file and then resends the data to a database back-end. Unlike the database output plugin, Barnyard manages the sending of events to the database and stores them when the database temporarily cannot accept connections.