Snort
Note
Installing Snort requires WinPcap 3.1 or above.
Snort analyzes the protocol by acquiring this method and finds any unusual search and behavior related to buffer overflow, port scanning, signal attack, SMB or OS fingerprinting tests such as attacks.
Snort is a flexible rule based language that can be set to capture a data and know what it should be given. Its scanning engine is modular, which means its functionality can be expanded with plugins.
Several real-time alerts will be sent to the system administrator to indicate the presence of suspicious network behavior. But be aware! Snort is a command line tool.
Snort supports IPv6 and can be used with MySQL, ODBC, Microsoft SQL Server and Oracle. You need to manually edit the snort.conf file to set the correct file and classification rules.
More Information
License | Version | Developer |
---|---|---|
OpenSource | 2.9.20 | Sourcefire, Inc. |