snort - An open source Network Intrusion Detection System (NIDS)
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. You MUST edit /etc/snort/snort.conf to configure snort before it will work! Please see the documentation in /usr/share/doc/snort-184.108.40.206 for more information on snort features and configuration.
|snort-220.127.116.11-1.el6.i686 [8.0 MiB]||
by Lawrence R. Rogers (2019-08-02):
- Release 18.104.22.168-1 New Additions Added support for wild card port numbers in host cache and overwriting port service AppId. Added support for new STLS client patterns to help better detect POP3S over SSL. Added support for detecting Mac based SMTP Microsoft Outlook client application. Added a new preprocessor alert 120:27 to alert if there is no proper end of header. Improvements / Fix Improved appId detection for proxied traffic. Fix for enabling flow profiling mode without restarting snort detection engine. Fixed packet drop scenario.