Snort is the de facto standard for open source network intrusion detection. The developer community has kept a fairly low profile for a couple of years, but extensions like Snorby, OpenFPC, and Pulled Pork have given the old hog a new lease on life.
Snort is old – on an IT timescale, even ancient. Marty Roesch started developing the network sniffer back in 1998. His original plan was “just” to program a network sniffer that would run on a variety of operating systems. The initial version, released back in 1998, comprised just 1,200 lines of code, but one of the most powerful network IDS engines of all time arose from these humble beginnings. In 2001, Roesch founded Sourcefire, a company that is today synonymous with successful network intrusion prevention appliances based on Snort. Sourcefire continues to develop Snort as a way of giving back to the open source community.