According to the README file, Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.
Marty provides the following chronology and note:
Snort history:
Dec 22 1998 snort-0.96.tar.gz
Jan 14 1999 snort-0.97.tar.gz
Jan 21 1999 snort-0.98.tar.gz
Jan 28 1999 snort-0.99.tar.gz
Feb 18 1999 snort-0.99b1.tar.gz
Mar 6 1999 snort-0.99b2.tar.gz
Mar 8 1999 snort-0.99b3.tar.gz
Mar 21 1999 snort-0.99rc1.tar.gz
Mar 22 1999 snort-0.99rc2.tar.gz
Mar 24 1999 snort-0.99rc3.tar.gz
Apr 6 1999 snort-0.99rc5.tar.gz
Apr 19 1999 snort-0.99rc6.tar.gz
Apr 28 1999 snort-1.0.tar.gz
May 20 1999 snort-1.0.1.tar.gz
Jun 21 1999 snort-1.1.tar.gz
Aug 2 1999 snort-1.2.tar.gz
Aug 6 1999 snort-1.2.1.tar.gz
Sep 26 1999 snort-1.3.tar.gz
Oct 13 1999 snort-1.3.1.tar.gz
Dec 9 1999 snort-1.5.tar.gz
Jan 20 2000 snort-1.5.1.tar.gz
Feb 26 2000 snort-1.5.2.tar.gz
Mar 20 2000 snort-1.6.tar.gz
You can see the verbal "history" of Snort in the NEWS and ChangeLog
files. FYI, all of the above listed source files are still available on
the clark.net website, you can download them directly from
http://www.clark.net/~roesch/<filename> if you are *really* interested
in the history of Snort. :) That first version (0.96) is pretty
limited... :)
Marty Roesch (pronounced like "fresh", but without the 'f') is a rather jovial guy who spends his time going to conferences and drinking in bars (at least until the cleaning crew kicks him out). In his spare time he writes intrusion detection software.