What is Snort?

Snort is a lightweight network intrusion detection system, capable of performing  real-time  traffic analysis and packet logging on IP networks.  It  can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes,  such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much  more.  Snort  uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine  that  utilizes a modular plugin architecture.  Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

Snort has three primary uses.   It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.

Snort logs packets in either tcpdump(1) binary format  or in  Snort's decoded  ASCII  format to logging directories that are named based on the IP address of the "foreign" host

Snort should work any place libpcap does, and is known to have been compiled successfully on the following platforms: 

x86 Sparc M68k/PPC Alpha Other  
X
X
X
X
X
Linux
X
X

X

    OpenBSD
X
   
X
  FreeBSD
X
 
X
    NetBSD
X
X
      Solaris
 
X
      SunOS 4.1.X
       
X
HP-UX
       
X
AIX
       
X
IRIX
     
X
  Tru64
   
X
    MacOS X Server