1999-08-02 10:14:11 +00:00
|
|
|
Snort is a libpcap-based packet sniffer/logger which can be used as a
|
|
|
|
|
lightweight network intrusion detection system. It features rules based logging
|
|
|
|
|
and can perform content searching/matching in addition to being used to detect
|
|
|
|
|
a variety of other attacks and probes, such as buffer overflows, stealth port
|
|
|
|
|
scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting
|
|
|
|
|
capabilty, with alerts being sent to syslog, a seperate "alert" file, or even
|
|
|
|
|
to a Windows computer via Samba.
|
|
|
|
|
|
|
|
|
|
Packets are logged in their decoded form to directories which are generated
|
|
|
|
|
based upon the IP address of the remote peer. This allows Snort to be used as
|
|
|
|
|
a sort of "poor man's intrusion detection system" if you specify what traffic
|
|
|
|
|
you want to record and what to let through.
|
|
|
|
|
|
|
|
|
|
For instance, I use it to record traffic of interest to the six computers in
|
|
|
|
|
my office at work while I'm away on travel or gone for the weekend. It's
|
|
|
|
|
also nice for debugging network code since it shows you most of the Important
|
|
|
|
|
Stuff(TM) about your packets (as I see it anyway). The code is pretty easy
|
|
|
|
|
to modify to provide more complete packet decoding, so feel free to make
|
|
|
|
|
suggestions.
|
|
|
|
|
|
2000-07-10 13:35:52 +00:00
|
|
|
WWW: http://www.snort.org/
|
