[10] Snort's open-source network-based intrusion detection/prevention system (IDS/IPS) has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks.

The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, semantic URL attacks, buffer overflows, server message block probes, and stealth port scans.

[11] Snort can be configured in three main modes: 1. sniffer, 2. packet logger, and 3. network intrusion detection.

In intrusion detection mode, the program will monitor network traffic and analyze it against a rule set defined by the user.

[13] There are several third-party tools interfacing Snort for administration, reporting, performance and log analysis: