snort - An open source Network Intrusion Detection System (NIDS)
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. You MUST edit /etc/snort/snort.conf to configure snort before it will work! Please see the documentation in /usr/share/doc/snort-2.9.16 for more information on snort features and configuration.
|snort-2.9.16-1.fc26.x86_64 [6.8 MiB]||
by Lawrence R. Rogers (2020-04-13):
- Release 2.9.16-1 New Additions Added support for early inspection of HTTP payload before flushing in pre-ack mode. This feature can be enabled using fast_blocking in http inspect configuration. Added 64-bit support for Windows 10 operating system. Added support for glibc version 2.30. Improvements and fixes Fixed file policy not working with character prefix in chunk size. Updated the file magic to detect ALZ file types. Addressed an issue when out-of-order FIN is received by dropping it. Normalize randomly encoded nulls interspersed in the HTTP server response to UTF-8.