< Back to index


Snort is a free software network intrusion detection and prevention system capable of performing packet logging & real-time traffic analysis, on IP networks. Snort was written by Martin Roesch but is now owned and developed by Sourcefire, of which Roesch is the founder and current CTO. Proprietary versions with integrated hardware and support services are sold by Sourcefire.

Snort is capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, amongst other features. The system can also be used for intrusion prevention purposes, by dropping attacks as they are taking place. Snort can be combined with other software such as SnortSnarf, sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data. With patches for the snort source from Bleeding Edge Threats, support for packet stream antivirus scanning with ClamAV and network abnormality with SPADE, in the network layer 3 and 4, is possible with historical observation.

Check Point attempted to acquire Sourcefire in 2005, but the deal fell through as both companies mutually withdrew from the acquisition process.

Snort the software package is not written in all capital letters. It is a proper name and is written as 'Snort'. The name is trademarked in this fashion. The only time it appears in all capital letters is in logo graphics.
This entry uses material from from Wikipedia, the leading user-contributed encyclopedia. It is licensed under the GNU Free Documentation License. Disclaimer.