Friday, November 6, 2015

Snort++ Build 177 Available Now

Snort++ build 177 is now available on Snort.org. This is the latest monthly update available for download. You can also get the latest updates from GitHub (snortadmin/snort3), which is updated weekly.

Bug Fixes

  • fixed teredo payload detection
  • fix ppm config
  • fixed 116:297
  • fixed dynamic builds
  • fixed profiler configuration
  • fixed ppm event logging
  • fixed -B switch
  • don't create pid file unless requested
  • remove pid lock file
  • perfmonitor fixes
  • prevent tcp session restart on rebuilt payloads; thanks to rmkml for reporting the issue
  • reverted tcp syn only logic to match 2.X
  • ensure ip6 extension decoder state is reset for ip4 too since ip4 packets may have ip6 next proto
  • fix cmake for hyperscan

Enhancements

  • update old http_inspect to allow spaces in uri
  • added null check suggested by Bill Parker
  • ssl and dns stats updates
  • tcp reassembly refactoring
  • profiler rewrite
  • added gzip support to new_http_inspect
  • added regex rule option based on hyperscan
  • ported gtp preprocessor and rule options from 2.X
  • ported modbus preprocessor and rule options from 2.X
  • added unit test build for cmake (already in autotools builds)
  • decouple -D, -M, -q
  • delete -E
  • ssl stats updates
  • added pkt_num rule option to extras
  • added filename to reload commands
  • convert README to markdown for pretty github rendering; contributed by gavares@gmail.com

Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team