Monday, July 6, 2015

Snort++ Alpha 2 Available Now!

The second alpha release of Snort++ is now available on snort.org, and it includes a lot of new features and functionality:

Snort features:

  • sync with Snort 297-177
  • ported dns inspector
  • ported ssh and ssl inspector
  • ported smtp, pop, and imap inspectors
  • ported sip inspector
  • ported file processing

New features:

  • added publish-subscribe handling of inspection events
  • added data_log plugin example for pub-sub
  • added build of snort_manual.text if w3m is installed
  • added file_magic.lua
  • added socket DAQ to input payload only with flow tuple
  • added hext DAQ for packet input in hex and plain text
  • added file DAQ for plain file input (w/o packets)
  • added socket codec for use with above DAQs
  • added stream_user for payload only processing
  • added stream_file for file inspection and processing
  • added usage, bugs, and DAQ sections to user manual
  • added default_snort_manual.text w/o w3m
  • rewrote alert_csv with all new default format
  • changed stream_tcp to reassemble payload only
  • optionally omit ports or networks and ports in rule headers
  • updated new_http_inspect
  • rule protocols include services (like http) and file
  • allow abbreviated rule headers (omit networks and/or ports)
  • uncrustify, see crusty.cfg

The Snort++ project is gaining momentum. With new developers coming on board, we will finish porting all of Snort's functionality in the next few months. Here are some things to look for in the third alpha release:

  • port open appID
  • port dcerpc2 inspector
  • port modbus and dnp3 inspectors
  • port side channel and HA functionality
  • rewrite of stream_tcp for greater functionality and performance
  • rewrite of perf stats
  • pipelined packet processing
  • hardware offloading support
  • next generation DAQ
  • next generation unified logging
  • Windows support

New downloads are posted to snort.org monthly. You can also get the latest updates from GitHub (snortadmin/snort3), which is updated weekly.

Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team