Snort
What is it?
Snort is the world’s most popular open-source intrusion detection system (IDS). It monitors network traffic in real time, looking for malicious patterns and generating alerts.
Why use it?
Proven protection - Has been detecting threats for over 20 years
Flexible rule system - Can catch anything from malware to zero-days
Lightweight - Runs on everything from enterprise networks to Raspberry Pis
How it works: Snort continuously does the following:
Examines every packet passing through the network
Matches traffic against its rule database
Generates alerts when something suspicious is found
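The three steps above as a minimal sketch (an added example, not Snort's own code and not from the original page): it parses a small subset of Snort's rule syntax and checks constructed packets against it. The rules, addresses, payloads and helper names (`parse_rule`, `matches`, `inspect`) are assumptions made for illustration; Snort itself works on raw captured packets and supports many more rule options.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed rules in Snort rule syntax (sids >= 1000000 are for local rules).
RULES = r'''
alert tcp any any -> 192.168.1.0/24 80 (msg:"Constructed: admin path requested"; content:"/admin"; nocase; sid:1000001; rev:1;)
alert udp any any -> any 53 (msg:"Constructed: DNS lookup for test domain"; content:"example-test"; sid:1000002; rev:1;)
'''
# Rule header: action proto src sport -> dst dport (options)
HEADER = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')

def parse_rule(line):
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("unsupported rule: " + line)
    action, proto, src, sport, dst, dport, body = m.groups()
    # Options are "name:value;" or a bare "name;" (for example nocase).
    pairs = re.findall(r'(\w+)(?::\s*("[^"]*"|[^;]*))?;', body)
    opts = {name: val.strip('"') for name, val in pairs}
    return dict(action=action, proto=proto, src=src, sport=sport, dst=dst, dport=dport, opts=opts)

def addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def port_ok(spec, port):
    return spec == "any" or int(spec) == port

def matches(rule, pkt):
    if rule["proto"] != pkt["proto"]:
        return False
    if not (addr_ok(rule["src"], pkt["src"]) and addr_ok(rule["dst"], pkt["dst"])):
        return False
    if not (port_ok(rule["sport"], pkt["sport"]) and port_ok(rule["dport"], pkt["dport"])):
        return False
    needle, payload = rule["opts"].get("content", "").encode(), pkt["payload"]
    if "nocase" in rule["opts"]:
        needle, payload = needle.lower(), payload.lower()
    return needle in payload

def inspect(rules, packets):
    # Examine every packet, match it against every rule, collect alerts.
    return [(int(r["opts"]["sid"]), r["opts"]["msg"], p["src"])
            for p in packets for r in rules
            if r["action"] == "alert" and matches(r, p)]

# Constructed packets: already decoded into fields, payload as bytes.
PACKETS = [
    dict(proto="tcp", src="203.0.113.7", sport=51000, dst="192.168.1.10", dport=80, payload=b"GET /Admin/login HTTP/1.1\r\n"),
    dict(proto="tcp", src="203.0.113.7", sport=51001, dst="192.168.1.10", dport=443, payload=b"GET /admin HTTP/1.1\r\n"),
    dict(proto="udp", src="192.168.1.20", sport=40000, dst="198.51.100.53", dport=53, payload=b"\x0cexample-test\x03com"),
]
RULE_SET = [parse_rule(line) for line in RULES.strip().splitlines()]
if __name__ == "__main__":
    for alert in inspect(RULE_SET, PACKETS):
        print(alert)
```

The second packet carries the same path but goes to port 443, so the port in the rule header keeps it from raising an alert.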
How to use it?
Last update: 2025-05-12 14:39