AJ

Snort

Snort is a tool built around a set of predefined rules and is used mostly as an IDS or IPS. It has 3 main operational modes:

  • Packet sniffing —> shows network traffic, like Wireshark
  • Packet logging —> collects and logs network traffic into a file
  • Network intrusion detection —> analyzes packets and matches traffic against signatures
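To make the third mode concrete, here is an added illustration (not Snort's own code and not from the original post) of what a signature engine does with rules in Snort's syntax: parse the rule header and options, then check each decoded packet against them and emit an alert for every match. The rules, sids and packet summaries are constructed for the demo.

```python
import ipaddress
import re

# Constructed Snort-style rules for this demo (hypothetical sids, not taken from any real ruleset).
RULES = [
    'alert tcp any any -> any 80 (msg:"HTTP request to /admin"; content:"GET /admin"; sid:1000001;)',
    'alert icmp any any -> 10.0.0.0/8 any (msg:"ICMP echo to internal net"; itype:8; sid:1000002;)',
]

def pkt(proto, src, sport, dst, dport, payload=b"", itype=None):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport, "payload": payload, "itype": itype}

# Constructed packet summaries standing in for what Snort decodes from the wire.
PACKETS = [
    pkt("tcp", "192.168.1.5", 51234, "203.0.113.10", 80, b"GET /admin HTTP/1.1\r\n"),
    pkt("tcp", "192.168.1.5", 51235, "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    pkt("icmp", "198.51.100.7", 0, "10.1.2.3", 0, itype=8),
    pkt("icmp", "198.51.100.7", 0, "192.0.2.9", 0, itype=8),  # echo to a non-internal host: no alert
]
HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")

def parse_rule(text):
    """Split a rule into its header fields and a dict of its options (quotes stripped)."""
    m = HEADER.match(text)
    if not m:
        raise ValueError("cannot parse rule: " + text)
    action, proto, src, sport, dst, dport, opts = m.groups()
    options = {k: v.strip('"') for k, v in re.findall(r'(\w+):\s*("[^"]*"|[^;]*);', opts)}
    return dict(action=action, proto=proto, src=src, sport=sport, dst=dst, dport=dport, options=options)

def addr_ok(rule_addr, ip):
    return rule_addr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(rule_addr, strict=False)

def port_ok(rule_port, port):
    lo, _, hi = rule_port.partition(":")  # "any", a single port "80", or a range "1:1024"
    return rule_port == "any" or int(lo or 0) <= port <= int(hi or lo)

def rule_matches(rule, p):
    """Header (proto, addresses, ports) must match, then every option must hold: options are ANDed."""
    o = rule["options"]
    return (rule["proto"] in ("ip", p["proto"])
            and addr_ok(rule["src"], p["src"]) and addr_ok(rule["dst"], p["dst"])
            and port_ok(rule["sport"], p["sport"]) and port_ok(rule["dport"], p["dport"])
            and ("content" not in o or o["content"].encode() in p["payload"])
            and ("itype" not in o or p["itype"] == int(o["itype"])))

def run_ids(rule_texts=RULES, packets=PACKETS):
    """NIDS mode: one alert line per rule/packet match (a simplified form of Snort's alert output)."""
    rules = [parse_rule(r) for r in rule_texts]
    return [f'[{r["options"]["sid"]}] {r["options"]["msg"]} {p["src"]} -> {p["dst"]}'
            for p in packets for r in rules if rule_matches(r, p)]
```

Only the first and third packets trigger alerts: the second lacks the `content` string and the fourth falls outside the `10.0.0.0/8` destination in the rule header.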

Intrusion detection system

  • Network intrusion detection system —> monitors traffic from different areas of the network, and if a signature is identified an alert is raised
  • Host-based intrusion detection system —> monitors traffic on a single endpoint device, basically investigating the traffic of that specific device, and if a signature is identified an alert is raised

Intrusion prevention system

  • Network intrusion prevention system —> monitors traffic, and if a signature is identified the connection is terminated
  • Behavior-based intrusion prevention system —> same thing: it monitors and terminates the connection if unusual behavior is detected. The difference between NIPS and BIPS is that behavior-based prevention requires a training period, known as baselining, to learn normal traffic so it can differentiate threats from legitimate activity.
  • Wireless intrusion prevention system —> monitors the traffic flow of a wireless network; if a signature is identified the connection is terminated
  • Host-based intrusion prevention system —> monitors and protects a single endpoint device; if a signature is identified the connection is terminated

Detection and prevention techniques

  • Signature based
  • Behavior based
  • Policy based
