Snort
Classic packet-sniffing IDS/IPS with rule language and community rule feeds; Snort 3 improves scaling.
Why it is included
Historic and still common reference for signature-based network detection.
Best for
Networks standardizing on Snort rules or Cisco ecosystem integrations.
Strengths
- Huge rule corpus
- Snort 3 multithreading
- Documentation depth
Limitations
- Feature set overlaps heavily with Suricata; compare the two and pick one operational stack
Good alternatives
Suricata · Zeek
Related tools
Security & Privacy
Suricata
High-performance IDS/IPS and network security monitoring with multi-threading, TLS inspection options, and Lua scripting.
Zeek
Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics—not a classic IDS signature engine.
Arkime
Large-scale full packet capture, indexing, and search (SPIE) with a web UI—successor to the Moloch lineage for NSM teams.
Wireshark
Network protocol analyzer for deep packet inspection and forensic debugging.
bettercap
Network attack framework: Wi-Fi, BLE, LAN recon, ARP/DNS spoofing, proxy, and modular caplets.
CrowdSec
Collaborative intrusion prevention: parse logs, apply scenarios, share reputation (optional), and block via bouncers (firewall, nginx, Cloudflare).
