{"id":13434580,"url":"https://github.com/snort3/snort3","last_synced_at":"2025-12-17T03:04:28.825Z","repository":{"id":24471508,"uuid":"27875223","full_name":"snort3/snort3","owner":"snort3","description":"Snort++","archived":false,"fork":false,"pushed_at":"2025-05-08T18:47:21.000Z","size":89987,"stargazers_count":2877,"open_issues_count":66,"forks_count":597,"subscribers_count":129,"default_branch":"master","last_synced_at":"2025-05-08T19:43:40.642Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/snort3.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2014-12-11T14:28:09.000Z","updated_at":"2025-05-08T18:47:16.000Z","dependencies_parsed_at":"2023-09-26T08:08:12.066Z","dependency_job_id":"95bee02d-95fc-4687-b31c-ac2d57e50706","html_url":"https://github.com/snort3/snort3","commit_stats":{"total_commits":5351,"total_committers":94,"mean_commits":56.92553191489362,"dds":0.6772565875537282,"last_synced_commit":"e0261e2fdfc83c2f9dd085c73e1f25f34ca38c87"},"previous_names":[],"tags_count":160,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snort3%2Fsnort3","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snort3%2Fsnort3/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snort3%2Fsnort3/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snort3%2Fsnort3/manifests","owner_url":"h
ttps://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/snort3","download_url":"https://codeload.github.com/snort3/snort3/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254036807,"owners_count":22003652,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T03:00:18.127Z","updated_at":"2025-12-17T03:04:27.265Z","avatar_url":"https://github.com/snort3.png","language":"C++","readme":"# Snort++\n\nSnort 3 is the next generation Snort IPS (Intrusion Prevention System).\nThis file will show you what Snort++ has to offer and guide you through the\nsteps from download to demo.  If you are unfamiliar with Snort you should\ntake a look at the Snort documentation first. 
We will cover the following\ntopics:\n\n---\n\n* [Overview](#overview)\n* [Dependencies](#dependencies)\n* [Download](#download)\n* [Build Snort](#build-snort)\n* [Run Snort](#run-snort)\n* [Documentation](#documentation)\n* [Squeal](#squeal)\n\n# OVERVIEW\n\nThis version of Snort++ includes new features as well as all Snort 2.X\nfeatures and bug fixes for the base version of Snort except as indicated\nbelow:\n\n    Project = Snort++\n    Binary = snort\n    Version = 3.0.0 (Build 250) from 2.9.11\n\nHere are some key features of Snort++:\n\n* Support multiple packet processing threads\n* Use a shared configuration and attribute table\n* Use a simple, scriptable configuration\n* Make key components pluggable\n* Autodetect services for portless configuration\n* Support sticky buffers in rules\n* Autogenerate reference documentation\n* Provide better cross platform support\n* Facilitate component testing\n* Use a shared network map\n\nAdditional features on the roadmap include:\n\n* Support pipelining of packet processing\n* Support hardware offload and data plane integration\n* Support proxy mode\n* Windows support\n\n# DEPENDENCIES\n\nIf you already build Snort, you may have everything you need.  
If not, grab\nthe latest:\n\n* CMake to build from source\n* DAQ from https://github.com/snort3/libdaq for packet IO\n* dnet from https://github.com/dugsong/libdnet.git for network utility functions\n* flex \u003e= 2.6.0 from https://github.com/westes/flex for JavaScript syntax parser\n* g++ \u003e= 7 or other C++17 compiler\n* hwloc from https://www.open-mpi.org/projects/hwloc/ for CPU affinity management\n* LuaJIT from http://luajit.org for configuration and scripting\n* OpenSSL from https://www.openssl.org/source/ for SHA and MD5 file signatures,\n  the protected_content rule option, and SSL service detection\n* pcap from http://www.tcpdump.org for tcpdump style logging\n* PCRE2 from http://www.pcre.org for regular expression pattern matching\n* pkgconfig from https://www.freedesktop.org/wiki/Software/pkg-config/ to locate build dependencies\n* zlib from http://www.zlib.net for decompression\n\nAdditional packages provide optional features.  Check the manual for more.\n\n# DOWNLOAD\n\nThere is a source tarball available in the Downloads section on snort.org:\n\n    snort-3.0.0-a3.tar.gz\n\nYou can also get the code with:\n\n    git clone https://github.com/snort3/snort3.git\n\nThere are separate extras packages for cmake that provide additional\nfeatures and demonstrate how to build plugins. The source for extras\nis in the snort3_extra.git repo.\n\n# BUILD SNORT\n\nFollow these steps:\n\n1.  Set up source directory:\n\n  * If you are using a github clone:\n\n    ```shell\n    cd snort3/\n    ```\n\n  * Otherwise, do this:\n\n    ```shell\n    tar zxf snort-tarball\n    cd snort-3.0.0*\n    ```\n\n2.  Set up install path:\n\n    ```shell\n    export my_path=/path/to/snorty\n    ```\n\n3.  Compile and install:\n\n  * To build with cmake and make, run configure_cmake.sh.  
It will automatically create and populate a new subdirectory named 'build'.\n\n    ```shell\n    ./configure_cmake.sh --prefix=$my_path\n    cd build\n    make -j $(nproc) install\n    ```\n\n**_Note_**:\n\n  * If you can do src/snort -V you built successfully.\n  * If you are familiar with cmake, you can run cmake/ccmake instead of configure_cmake.sh.\n  * cmake --help will list any available generators, such as Xcode.  Feel free to use one, however help with those will be provided separately.\n\n# RUN SNORT\n\nHere are some examples. If you are using Talos rules and/or configs, you\nshould first set any needed variables at the top of snort.lua and\nsnort_defaults.lua.\n\n* Snort++ provides lots of help from the command line, including:\n\n    ```shell\n    $my_path/bin/snort --help\n    $my_path/bin/snort --help-module suppress\n    $my_path/bin/snort --help-config | grep thread\n    ```\n\n* Examine and dump a pcap.  In the following, replace a.pcap with your\n  favorite:\n\n    ```shell\n    $my_path/bin/snort -r a.pcap\n    $my_path/bin/snort -L dump -d -e -q -r a.pcap\n    ```\n\n* Verify a config, with or w/o rules:\n\n    ```shell\n    $my_path/bin/snort -c $my_path/etc/snort/snort.lua\n    $my_path/bin/snort -c $my_path/etc/snort/snort.lua -R $my_path/etc/snort/sample.rules\n    ```\n\n* Run IDS mode.  In the following, replace pcaps/ with a path to a directory\n  with one or more *.pcap files:\n\n    ```shell\n    $my_path/bin/snort -c $my_path/etc/snort/snort.lua -R $my_path/etc/snort/sample.rules \\\n        -r a.pcap -A alert_test -n 100000\n    ```\n\n* Let's suppress 1:2123.  
We could edit the conf or just do this:\n\n    ```shell\n    $my_path/bin/snort -c $my_path/etc/snort/snort.lua -R $my_path/etc/snort/sample.rules \\\n        -r a.pcap -A alert_test -n 100000 --lua \"suppress = { { gid = 1, sid = 2123 } }\"\n    ```\n\n* Go whole hog on a directory with multiple packet threads:\n\n    ```shell\n    $my_path/bin/snort -c $my_path/etc/snort/snort.lua -R $my_path/etc/snort/sample.rules \\\n        --pcap-filter \\*.pcap --pcap-dir pcaps/ -A alert_fast --max-packet-threads 8\n    ```\n\nAdditional examples are given in doc/usage.txt.\n\n# DOCUMENTATION\n\nTake a look at the manual, parts of which are generated by the code so it\nstays up to date:\n\n```shell\n$my_path/share/doc/snort/snort_manual.pdf\n$my_path/share/doc/snort/snort_manual.html\n$my_path/share/doc/snort/snort_manual/index.html\n```\n\nIt does not yet have much on the how and why, but it does have all the\ncurrently available configuration, etc.  Some key changes to rules:\n\n* you must use comma separated content sub options like this:  content:\"foo\", nocase;\n* buffer selectors must appear before the content and remain in effect until changed\n* pcre buffer selectors were deleted\n* check the manual for more on Snort++ vs Snort\n* check the manual reference section to understand how parameters are defined, etc.\n\nIt also covers new features not demonstrated here:\n\n* snort2lua, a tool to convert Snort 2.X conf and rules to the new form\n* a new HTTP inspector\n* a binder, for mapping configuration to traffic\n* a wizard for port-independent configuration\n* improved rule parsing - arbitrary whitespace, C style comments, #begin/#end comments\n* local and remote command line shell\n\n# SQUEAL\n`o\")~`\n\nWe hope you are as excited about Snort++ as we are.  Let us know what you\nthink on the snort-users list.  
In the meantime, we'll keep our snout to\nthe grindstone.\n\n","funding_links":[],"categories":["Uncategorized","C++","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e新添加的","C++ (225)","Security","Application Recommendation","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e工具","Recently Updated","Network Tools"],"sub_categories":["Uncategorized","\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的","🔒 Cybersecurity","[Apr 27, 2025](/content/2025/04/27/README.md)","Network Traffic Replay and Editing Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnort3%2Fsnort3","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsnort3%2Fsnort3","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnort3%2Fsnort3/lists"}