
How is psad different from Snort?


The goals of the two projects are quite different. Snort is a full-blown network intrusion detection system and uses the libpcap library to inspect not only the network and transport headers, but also the contents of packets. By contrast, psad is designed to function as a network intrusion detection system that exclusively uses firewall logs for data. It is meant to be deployed on an iptables firewall to ensure it is properly configured and to analyze the data it provides as it blocks and logs packets. Note that if you combine psad with fwsnort and the iptables string match extension, then psad is capable of detecting about 50% of all Snort signatures including those that inspect the application portion of IP packets. However, if you want a full-blown network IDS that can do packet defragmentation and TCP stream reassembly, then go download Snort.
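To illustrate what detection from firewall logs alone looks like, here is an added example (not part of the answer above and not psad's own code) that parses lines in the iptables LOG target format and flags sources that hit many distinct destination ports. The sample lines, the `DROP` log prefix, the function names and the threshold of 5 ports are all assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample data in the iptables LOG target format (not real traffic).
TEMPLATE = ("Mar 11 13:15:{sec:02d} fw kernel: DROP IN=eth0 OUT= SRC={src} "
            "DST=198.51.100.5 LEN=60 TTL=63 PROTO=TCP SPT=44847 DPT={dpt} "
            "WINDOW=5840 SYN URGP=0")
SAMPLE_LOG = [TEMPLATE.format(sec=i, src="192.0.2.10", dpt=p)
              for i, p in enumerate([21, 22, 23, 25, 80, 443])]
SAMPLE_LOG += [TEMPLATE.format(sec=30 + i, src="203.0.113.7", dpt=22)
               for i in range(3)]
# A non-firewall syslog line and an ICMP line (ICMP has no DPT field).
SAMPLE_LOG.append("Mar 11 13:16:01 fw sshd[811]: Connection closed by "
                  "203.0.113.7 port 51514")
SAMPLE_LOG.append("Mar 11 13:16:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 "
                  "DST=198.51.100.5 LEN=84 TTL=51 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1")

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=value header fields of one iptables LOG line, or None.

    Only network and transport header fields are present in these lines;
    the packet payload is never logged, so nothing here can match on content.
    """
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "PROTO" not in fields:
        return None  # not an iptables LOG line
    return fields


def detect_scans(lines, threshold=5):
    """Map each source IP to its probed (proto, port) pairs if >= threshold."""
    ports = defaultdict(set)
    for line in lines:
        fields = parse_line(line)
        if fields is None or "DPT" not in fields:
            continue  # skip non-firewall lines and port-less protocols
        ports[fields["SRC"]].add((fields["PROTO"], int(fields["DPT"])))
    return {src: sorted(seen) for src, seen in ports.items()
            if len(seen) >= threshold}


if __name__ == "__main__":
    for src, seen in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {len(seen)} distinct ports")
```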
