DosFreak 2 Posted March 7, 2003 http://www.snort.org/ Quote: DESCRIPTION Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching in order to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real- time alerting capability as well, incorporating alerting mechanisms for syslog, user specified files, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. Snort has three primary functional modes. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. Snort logs packets to many formats, including tcpdump(1) binary format or Snort's decoded ASCII format to a hierarcical set of directories that are named based on the IP address of the remote host. Plugins allow the detection and reporting subsystems to be extended. Available plugins include database or XML logging, small fragment detection, portscan detection, and HTTP URI normalization, IP defragmentation, TCP stream reassembly and statistical anomaly detection. Be sure to grab the frontend: IDSCENTER http://www.packx.net/packx/html/en/index-en.htm Going to go have some fun now! Share this post Link to post
duhmez 0 Posted March 8, 2003 Will it sniff a Wan adapter on windows servers? (Ethereal will not... ARG) Share this post Link to post
