Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient. Changes: Bugfix release - fixed crash bug in frag2 on Linux, fixed ICMP printout and decoder for new ICMP header structs introduced in 1.8.1, fixed flexresp code - actually works now, flexresp response times should be shorter for TCP sniping, TCP packets are cached at start time and fired as needed, and added -B switch to enhance obfuscation of IP addresses in pcap files.


hmm sounds yummy.. hehe... i ordered one copy... hope i'd get it soon..