snort - An open source Network Intrusion Detection System (NIDS)
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. You MUST edit /etc/snort/snort.conf to configure snort before it will work! Please see the documentation in /usr/share/doc/snort-2.9.12 for more information on snort features and configuration.
|snort-2.9.12-1.fc24.src [6.2 MiB]||
by Lawrence R. Rogers (2018-10-11):
- Release 2.9.12-1 New Additions Parsing HTTP CONNECT to extract the tunnel IP and port information. Alerting and dechunking for chunked encoding in HTTP1.0 request and response. Improvements Fixed an issue where, if we have a junk line before HTTP response header, the header was wrongly parsed. Fixed GZIP evasions where an HTTP response with content-encoding:gzip contains a body that has a GZIP-related anomaly. Fixed an issue in certain scenarios where a BitTorrent pattern is seen only on the third packet of the session, causing us to miss our client detection. SMB improvements for file detection and processing.