Free Tool of the Week: Snort

There are many intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) on the market, but one of the best, oldest, and most reliable also happens to be free. The open-source IDS/IPS tool called Snort has been covered a few times in Windows IT Pro, most notably by Douglas Toombs in "Sniff with Snort" (InstantDoc ID 42606).

Toombs provides a little background: "With a history going back to at least 1998, this flexible package has a long, proven track record. With contributions from open-source community members and network administrators around the world, Snort has grown into a very capable product. Snort can perform real-time traffic analysis and logging of IP traffic at Fast Ethernet and Gigabit Ethernet speeds."

Although it was originally developed for UNIX setups, it works fabulously on Windows products, bringing IT pros a variety of network-monitoring functions, from basic packet sniffing to the aforementioned IDS/IPS functionality.

In its passive packet-sniffer mode, it simply displays network activity. In packet-logger mode, Snort writes its results to directory of your choosing. For more advanced functionality, you can switch to Snort's IDS capability. You provide it with custom rules, and it will analyze your traffic and warn you of anything untoward. Snort is a barebones powerhouse.

Check out our previous coverage:

How to Build a Snort Server

Snort Made Easy

Snort 3.0 to Get a Major Overhaul