SNORT® is an open source network intrusion prevention system capable of performing real-time traffic analysis and packet logging on IP networks. Snort can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort is comprised of two major components: (i) a detection engine that utilizes a modular plug-in architecture (the “Snort Engine”) and (ii) a flexible rule language to describe traffic to be collected (the “Snort Rules”).
The Snort Engine is distributed both as source code and binaries for popular Linux distributions and Windows. It’s important to note that the The Snort Engine and Snort Rules”> are distributed separately, but should be used together.
We strongly recommend that you keep pace with the latest production release. Snort is evolving all the time and to stay current with latest detection capabilities you should always have both your Snort engine and ruleset up to date.
Click here to view the source code and binary distributions.