Monday, June 1, 2015

Snort++ Build 155 Available Now

Snort++ build 155 is now available on  This is the latest monthly update of the downloads.  You can also get the latest updates from github (snortadmin/snort3) which is updated weekly.

New Features

  • ported smtp inspector from Snort
  • ported file capture from Snort
  • added file_magic.lua
  • added socket DAQ to input payload only with flow tuple
  • added hext DAQ to for packet input in hex and plain text
  • added file DAQ for plain file input (w/o packets)
  • added socket codec for use with above DAQs
  • added stream_user for payload only processing
  • added stream_file for file inspection and processing


  • changed new_http_inspect parsing and event handling
  • changed stream_tcp to reassemble payload only
  • changed -K to -L (log type)
  • changed hex dumps to 20 hex bytes per line instead of 16
  • rewrote alert_csv with all new default format 

Bug fixes

  • fixed dns inspector typo for tcp checks
  • fixed config error for inspection of rebuilt packets
  • fixed autotools build of manual wrt plugins
  • fixed xcode static analysis issues
  • fixed other misc bugs

Other Changes

  • updated default manuals
  • updated usage from blog
  • updated unified2 to support data only packets
  • deleted alert_test
  • deleted obsolete REG_TEST logging

Please submit bugs, questions, and feedback to or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team