If you are in security, you might have heard of an Intrusion Detection System (IDS), a device or mechanism that monitors network and/or system activity for malicious or unwanted behavior and can react in real time to block or prevent it. There are a lot of professional IDS products available commercially, but when it comes to being free as in freedom (read: open source), Snort is my favorite.
Snort can be run in 4 modes:
- sniffer mode: Snort reads the network traffic and prints it to the screen.
- packet logger mode: Snort records the network traffic to a file.
- IDS mode: network traffic matching security rules is recorded (the mode used in this tutorial).
- IPS mode: also known as snort-inline (IPS = Intrusion Prevention System).
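In IDS mode the recorded matches usually end up as one-line "fast" alerts (the `-A fast` output format). As an added example that goes beyond the mode list above and is not part of the original tutorial, here is a small Python parser for that format, run over constructed sample alert lines and summarising hits per rule and per source host; the log lines and rule IDs are made up for illustration, and addresses are assumed to be IPv4.

```python
# Added example: parse Snort's one-line "fast" alert output (what IDS mode
# records with -A fast) and summarise it. Sample lines below are constructed.
import re
from collections import Counter

# Layout of a fast alert line (Classification is optional; ports only for TCP/UDP):
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Priority: N] {PROTO} src -> dst
FAST_ALERT = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_alert(line):
    """Return a dict of fields for one fast-alert line, or None if it does not match."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["prio"] = int(rec["prio"])
    for side in ("src", "dst"):  # split "addr:port" into addr and int port (IPv4 assumed)
        host, sep, port = rec[side].rpartition(":")
        has_port = bool(sep) and port.isdigit()
        rec[side + "_port"] = int(port) if has_port else None
        rec[side] = host if has_port else rec[side]
    return rec

def summarize(lines):
    """Count alerts per rule (gid:sid) and per source address; unparsable lines are skipped."""
    by_rule, by_src = Counter(), Counter()
    for line in lines:
        rec = parse_alert(line)
        if rec is None:
            continue
        by_rule[f"{rec['gid']}:{rec['sid']}"] += 1
        by_src[rec["src"]] += 1
    return by_rule, by_src

SAMPLE_ALERTS = [  # constructed sample output, not a real capture
    "01/27-18:27:10.123456  [**] [1:1000001:0] ICMP echo test [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1",
    "01/27-18:27:11.000001  [**] [1:1000002:1] SSH connection attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51234 -> 10.0.0.1:22",
    "01/27-18:27:12.500000  [**] [1:1000001:0] ICMP echo test [**] [Priority: 3] {ICMP} 10.0.0.7 -> 10.0.0.1",
    "not an alert line",
]

if __name__ == "__main__":
    rules, sources = summarize(SAMPLE_ALERTS)
    print(rules.most_common(), sources.most_common())
```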