DESCRIPTION

Snort is an open source network intrusion detection system, capable of
performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis and content searching/matching in order to
detect a variety of attacks and probes, such as buffer overflows, stealth port
scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort uses a flexible rules language to describe traffic that it should collect
or pass, as well as a detection engine that utilizes a modular plugin
architecture. Snort has a real- time alerting capability as well,
incorporating alerting mechanisms for syslog, user specified files, a
UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

Snort has three primary functional modes. It can be used as a straight
packet sniffer like tcpdump(1), a packet logger (useful for network traffic
debugging, etc), or as a full blown network intrusion detection system.

Snort logs packets to many formats, including tcpdump(1) binary format or
Snort's decoded ASCII format to a hierarcical set of directories that are
named based on the IP address of the remote host.

Plugins allow the detection and reporting subsystems to be extended. Available
plugins include database or XML logging, small fragment detection, portscan
detection, and HTTP URI normalization, IP defragmentation, TCP stream
reassembly and statistical anomaly detection.