Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.
Note to Windows users: If youâ€™re downloading Snort binaries the only requirements areÂ WinPcap and Barnyard.
In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.
Monitoring software may use libpcap and/or WinPcap to capture packets traveling over a network. libpcap and WinPcap also support saving captured packets to a file and reading files containing saved packets. Snort uses these files to read network traffic and analyze it.
For more information and to download please visitÂ tcpdump
Perl Compatible Regular Expressions (PCRE) is a regular expression C library inspired by Perlâ€™s external interface, written by Philip Hazel. TheÂ PCREÂ library is incorporated into a number of prominent open-source programs such as the ApacheÂ HTTPÂ Server, theÂ PHPÂ and R scripting languages, and Snort.
For more information and to download please visitÂ PCRE
Libnet is a generic networkingÂ APIÂ that provides access to several protocols.
For more information and to download please visit libnet
Barnyard is a output system for Snort. Snort creates a special binary output format called “unified.â€™â€™ Barnyard reads this file, and then resends the data to a database back-end. Unlike the database output plugin, Barnyard manages the sending of events to the database and stores them when the database temporarily cannot accept connections.