Snort is a powerful, multi-platform network intrusion detection/prevention system (NIDS/NIPS) that provides real-time traffic analysis and network IP packet logging.

Snort is released under the GNU General Public License (GPL). It can be downloaded for free online and takes only a few minutes to install and start using. Snort is based on libpcap.

New version features

Updated File processing for partial HTTP content and MIME attachments.
Addition of new config option max_attribute_services_per_host and improve memory usage within attribute table.
Handle excessive overlaps in frag3.
Stream API updates to return session key for a session.
Reduce false positives for TCP window slam events.
Updates to provide better encoding for TCP packets generated for respond and react.
Disable non-Ethernet decoders by default for performance reasons. If needed, use --enable-non-ether-decoders with configure.
