Snort for Linux is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol, and anomaly based inspection methods. Snort has three primary uses: it can be used as a straight packet sniffer, a packet logger (useful for network traffic debugging), or as a full blown network threat detection and prevention system.
Snort can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule based language to describe traffic that it should collect or pass, and a modular detection engine. Snort has a real-time alerting capability, with alert mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.