Network intrusion detection and prevention with scriptable config and threaded packet processing
Other
- C++
- C
- CMake

About Snort 3
Snort 3 is the next-generation release of the Snort network intrusion detection and prevention system. It inspects live network traffic or packet captures against a rule set to catch attacks, probes, and emerging threats in real time.
It runs multiple packet-processing threads sharing one configuration and attribute table, supports scriptable LuaJIT config and pluggable components, and uses service autodetection for portless rules. A wizard handles port-independent configuration, a binder maps settings to traffic, and a rewritten HTTP inspector deepens application-layer analysis.
The snort2lua converter migrates Snort 2.x rules and configuration to the new format. Packet I/O runs through the DAQ abstraction layer, letting the same engine work inline for prevention or passively for detection across high-throughput links.
Key features
- IDS and IPS for network traffic inspection
- Multiple packet processing threads
- Scriptable configuration with pluggable components
- Service autodetection for portless configuration
- snort2lua converts Snort 2.X configuration and rules
Details
- On GitHub since: 2014
- Platforms: Linux · Windows
- Binary: snort
- Packet I/O: DAQ
- Configuration: LuaJIT scripting
- Build: CMake · C++17
