Snort is an open-source network intrusion prevention system and intrusion detection system. Its features include real-time traffic analysis and packet logging. It can run in three different modes:
- Packet sniffing mode: In this mode, Snort simply intercepts traffic on your network, much as a program like Wireshark would.
- Packet logging mode: This mode is useful for debugging network traffic. Packets are logged to disk.
- Network intrusion prevention mode: In this mode, Snort monitors network traffic and analyzes it against a user-defined rule set. The program can perform a specific action based on the rule that has been matched.
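The rule matching described for the last mode, as a simplified model added here for illustration (it is not Snort's own code): it parses three constructed rules written in Snort's rule syntax and reports which ones match a packet. It checks only the rule header (protocol, addresses, ports); the rules, addresses, SIDs and function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed local rules: action proto src sport -> dst dport (options)
RULES = '''
alert icmp any any -> 192.168.1.0/24 any (msg:"ICMP to internal net"; sid:1000001; rev:1;)
log tcp any any -> 192.168.1.0/24 23 (msg:"Telnet session"; sid:1000002; rev:1;)
drop tcp any any -> 192.168.1.10 3389 (msg:"RDP to server blocked"; sid:1000003; rev:1;)
'''

HEADER = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$')

def parse_rules(text):
    """Parse each non-empty, non-comment line into header fields plus msg and sid."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = HEADER.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line}")
        rule = m.groupdict()
        opts = rule.pop('opts')
        rule['msg'] = re.search(r'msg:"([^"]*)"', opts).group(1)
        rule['sid'] = int(re.search(r'sid:(\d+)', opts).group(1))
        rules.append(rule)
    return rules

def _addr_ok(spec, addr):
    return spec == 'any' or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _port_ok(spec, port):
    return spec == 'any' or int(spec) == port

def evaluate(rules, pkt):
    """Return (action, sid, msg) for every rule whose header matches the packet."""
    return [(r['action'], r['sid'], r['msg']) for r in rules
            if r['proto'] == pkt['proto']
            and _addr_ok(r['src'], pkt['src']) and _port_ok(r['sport'], pkt['sport'])
            and _addr_ok(r['dst'], pkt['dst']) and _port_ok(r['dport'], pkt['dport'])]

if __name__ == "__main__":
    pkt = {'proto': 'tcp', 'src': '203.0.113.5', 'sport': 40000, 'dst': '192.168.1.10', 'dport': 3389}
    print(evaluate(parse_rules(RULES), pkt))
```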
Snort provides its own rules which you can use for intrusion detection. You ...