Get started Bring yourself up to speed with our introductory content.

Is Snort right for the IDS needs of all clients?

While the Snort IDS may not suit all customers, its unheralded protocol analysis and traffic reconstruction capabilities make it more broadly useful than some might think.

Snort has been far more than a network "grep" tool for many years.

About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at and Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

"Grep" refers to the Unix utility used to identify strings in content. Snort can indeed identify various content strings via direct traffic inspection. However, Snort has far more powerful protocol analysis and traffic reconstruction capabilities that don't get as much press as its signature matching engine. Snort won't necessarily meet the needs of all clients, but anyone who wants to collect indicators of suspicious or malicious activity will find Snort exceptionally helpful.

This was last published in January 2008

Dig Deeper on Managed network security services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.