Snort :: Docs

Snort Official Documentation

The official documentation produced by the Snort team at Sourcefire

Title	Author
Snort Users Manual	Snort Team
Snort FAQ	Snort Team
The Snort Manual (HTML)	Snort Team

Title

Author

Snort Users Manual PDF Small

Snort Team

Snort FAQ

Snort Team

The Snort Manual (HTML)

Snort Team

Snort Setup Guides

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author. Authors who want comments and feedback may be emailed by clicking on their names below.

If you have a document you’d like to contribute to the Snort community contact us at snort-team@sourcefire.com.

Title	Author
Snort 2.9.2.0 on Ubuntu 10.04 LTS	David Gullett, Symmetrix Technologies
Snort 2.9.1.2 on Mac OS X	Christoph Murauer
Snort 2.9.1.2 on Debian 6.0	Jason Weir
Snort 2.9.1 with Barnyard2 on RHEL 6.1 x64	Randal Rioux, Procyonlabs
Snort 2.9.1 on CentOS 5.6	Nick Moore, Sourcefire
Snort 2.9.0.x with PF_RING Inline deployment	Metaflows Google Group
Snort 2.9.0.5 on OpenSuSE 11.4	Bill Parker
Snort on Amazon EC2	Etay Nir, Sourcefire

Title

Author

Snort 2.9.2.0 on Ubuntu 10.04 LTS

David Gullett, Symmetrix Technologies

Snort 2.9.1.2 on Mac OS X

Christoph Murauer

Snort 2.9.1.2 on Debian 6.0

Jason Weir

Snort 2.9.1 with Barnyard2 on RHEL 6.1 x64

Randal Rioux, Procyonlabs

Snort 2.9.1 on CentOS 5.6

Nick Moore, Sourcefire

Snort 2.9.0.x with PF_RING Inline deployment

Metaflows Google Group

Snort 2.9.0.5 on OpenSuSE 11.4

Bill Parker

Snort on Amazon EC2 PDF Small

Etay Nir, Sourcefire

Snort Deployment Guides

The following deployment guides have been contributed by members of the Snort Community for your use. If you have a document you’d like to contribute to the Snort community contact us at snort-team@sourcefire.com.

Title	Author
Comparison of Popular Snort GUIs	James Lay
100Mb IDS Tapping Diagram with 100bt span port	Jeff Nathan
100Mb IDS Tapping Diagram with 1000bt span port	Jeff Nathan
Gig IDS Tapping Diagram with Load Balancers	Jeff Nathan
Requirements for Enterprise-Wide Scaling Intrusion Detection Products	Detmar Liesen

Title

Author

Comparison of Popular Snort GUIs PDF Small

James Lay

100Mb IDS Tapping Diagram with 100bt span port PDF Small

Jeff Nathan

100Mb IDS Tapping Diagram with 1000bt span port PDF Small

Jeff Nathan

Gig IDS Tapping Diagram with Load Balancers PDF Small

Jeff Nathan

Requirements for Enterprise-Wide Scaling Intrusion Detection Products PDF Small

Detmar Liesen

Snort Related Whitepapers

The following Whitepapers have been written by Sourcefire employees and may help with your Snort deployment. For further information on these papers, please email snort-team@sourcefire.com

Title	Author
Improving your Custom Snort Rules	Leon Ward
Inline Normalization using Snort 2.9.0	Russ Combs
Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules	Steven Sturges
VRT Rule Writing Methodology	Sourcefire’s VRT
VRT Report on the DCE/RPC vulnerability in MS08-067	Sourcefire’s VRT
VRT Report on Dan Kaminsky’s DNS Vulnerability	Sourcefire’s VRT
Performance Rules Creation Part 1	Matt Olney, Sourcefire’s VRT
Performance Rules Creation Part 2	Matt Olney, Sourcefire’s VRT
HTTP Evasions Revisited	Daniel Roelker
Target Based Fragmentation Reassembly	Judy Novak
Target-based TCP Timestamp Technical Study	Judy Novak & Steve Sturges
Target-based Stream Reassembly and Stream5 Technical Study	Judy Novak & Steve Sturges
Snort’s original concept paper	Martin Roesch

Title

Author

Improving your Custom Snort Rules PDF Small

Leon Ward

Inline Normalization using Snort 2.9.0 PDF Small

Russ Combs

Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules PDF Small

Steven Sturges

VRT Rule Writing Methodology PDF Small

Sourcefire’s VRT

VRT Report on the DCE/RPC vulnerability in MS08-067 PDF Small

Sourcefire’s VRT