Snort is an open source network intrusion prevention and detection
system (IDS/IPS) developed by Sourcefire. Combining the benefits of
signature, protocol and anomaly-based inspection, Snort is the most
widely deployed IDS/IPS technology worldwide. Snort really isn’t very hard to use, but there are a lot of command line options to play with, and it’s not always obvious which ones go together well. This file aims to make using Snort easier for new users.
Snort can be configured to run in four modes:
* Sniffer mode, which simply reads the packets off of the network and displays them for you in a continuous stream on the console (screen).
* Packet Logger mode, which logs the packets to disk.
* Network Intrusion Detection System (NIDS) mode, the most complex and configurable configuration, which allows Snort to analyze network traffic for matches against a user-defined rule set and performs several actions based upon what it sees.
* Inline Mode, which obtains packets from iptables instead of from libpcap and then causes iptables to drop or pass packets based on Snort rules that use inline-specific rule types.