TOTAL
Since dec 2006
1'942'871 Visitors
4'218'042 Pages

Nov 2010 Stats
82'909 Visitors
146'476 Pages
196 countries
Full statistics



Help us translate
our tutorials!

JOIN the
OpenManiak Team.
OM TEAM
Director:
Blaise Carrera
Tutorials creation:
Blaise Carrera
Translaters:
Giovanni Fredducci
Angel Chraniotis
Moham. H. Karvan
Alexandro Silva
Blaise Carrera
Andrei Chertolyas
Sergiy Uvarov
Nickola Kolev
Łukasz Nowatkowski
Ivo Raisr
Catalin Bivolaru
Bogdan A. Costea
Kirill Simonov
Oliver Mucafir
JaeYoung Jeon
Seungyoon Lee
Jie Yu & Si Cheng
Tao Wei
YukiAlex
Fumihito Yoshida
Muhammad Takdir
Çağdaş Tülek
Auditors
Leslie Luthi
Joe Anderson
Jennifer Ockwell
Nigel Titley
Alison Rees
Webmaster:
Blaise Carrera
SNORT - The Easy Tutorial - Introduction

Snort Introduction
Last Change : Feb 17 2010 french flagenglish flag


Tool
Install
Ergonomy
Forum



Details What is Snort ?
Screenshots
Prerequisites
Snort
BASE
Update Snort
Bleedingsnort Rules
Port Mirroring



⚠️⚠️⚠️
Please check our website about
attractions in Western Switzerland !! (Please use english translation).

⚠️⚠️⚠️
Merci de consulter notre site sur les
activités à faire en Suisse romande !!


Snort
BASE
Oinkmaster
Bleeding rules


Snort is an open source IDS (Intrusion detection system) written by Martin Roesch.
It was bought by the commercial company SourceFire which was bought itself by the FireWall Giant CheckPoint in 2005.

Like Tcpdump, Snort uses the libpcap library to capture packets.

Snort can be runned in 4 modes:

- sniffer mode: snort will read the network traffic and print them to the screen.
- packet logger mode: snort will record the network traffic on a file
- IDS mode: network traffic matching security rules will be recorded (mode used in our tutorial)
- IPS mode: also known as snort-inline (IPS = Intrusion prevention system)

Snort is a very powerful tool and is known to be one of the best IDS on the market even when compared to commercial IDS.
A lot of people in the very active snort community are sharing their security rules which is very useful if you are not an security expert and wants to have up-to-date rules.
The SourceFire company is releasing very frequent new security rules that can be downloaded either for free some days after their releases or immediatly but for money.

By chance, The bleedingsnort community create security rules for free directly after their releases.

Another tool is needed to display the logs generated by the Snort IDS and sent into the database. This tool is BASE for Basic Analysis and Security Engine. It is in fact a php script displaying alerts on a web interface.