Snort can be run in 4 modes:
- sniffer mode: Snort reads the network traffic and prints it to the screen.
- packet logger mode: Snort records the network traffic to a file.
- IDS mode: network traffic matching security rules will be recorded (mode used in our tutorial)
- IPS mode: also known as snort-inline (IPS = Intrusion prevention system)
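
The four modes above map onto Snort's command-line options. The script below is an added example, not part of the original page: it assumes Snort 2.x, and the directory layout, rule text and SID 1000001 are constructed for illustration. It writes a minimal IDS-mode configuration with one local rule and prints the command line for each mode.

```shell
#!/bin/sh
# Added example for Snort 2.x. File names, directory layout, message text
# and SID 1000001 are constructed for illustration.
# Usage: . ./snort_lab.sh; write_ids_lab /tmp/snort-lab; check_config /tmp/snort-lab

# write_ids_lab DIR: create DIR/snort.conf, DIR/local.rules and DIR/log.
write_ids_lab() {
    lab=$1
    mkdir -p "$lab/log" || return 1
    # One local rule: alert on ICMP echo requests (ping) sent to HOME_NET.
    # SIDs from 1000000 upward are the range for locally written rules.
    cat > "$lab/local.rules" <<'EOF'
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request"; itype:8; sid:1000001; rev:1;)
EOF
    # Minimal configuration: define the networks, then load the rule file.
    # Narrow HOME_NET to your own address range on a real sensor.
    cat > "$lab/snort.conf" <<'EOF'
ipvar HOME_NET any
ipvar EXTERNAL_NET any
include local.rules
EOF
}

# mode_command MODE DIR IFACE: print the command line for one of the four modes.
# For "ips" the interface must be a bridged pair such as eth0:eth1.
mode_command() {
    case $1 in
        sniffer) echo "snort -v -i $3" ;;
        logger)  echo "snort -dev -l $2/log -i $3" ;;
        ids)     echo "snort -q -A console -c $2/snort.conf -l $2/log -i $3" ;;
        ips)     echo "snort -Q --daq afpacket -c $2/snort.conf -l $2/log -i $3" ;;
        *)       echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# check_config DIR: have Snort parse the configuration and rules (-T), if installed.
check_config() {
    if command -v snort >/dev/null 2>&1; then
        snort -T -q -c "$1/snort.conf" -l "$1/log"
    else
        echo "snort not found in PATH, skipping config test" >&2
    fi
}
```

Running `check_config` before starting the sensor catches rule syntax errors early, since Snort refuses to start in IDS mode when a rule fails to parse.
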

Many people in the very active Snort community share their security rules, which is very useful if you are not a security expert and want up-to-date rules. Snort can be combined with other free software such as sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data; BASE is in fact a PHP script that displays alerts on a web interface.

At the end of the day, Snort is a must-have for any security researcher or network paranoid out there. Other IDS systems worth mentioning are Fragrouter, OSSEC HIDS and sGUIL.

You can download Snort from here