Thursday, February 2, 2017

Snort++ Build 225 Available Now on!

Snort++ build 225 is now available on  This is the latest monthly update available for download.  You can also get the latest updates from github (snortadmin/snort3) which is updated weekly.

There are too many changes to list here so check the ChangeLog for details.

  • implement RPC over HTTP by adding dce_http_server and dce_http_proxy
  • port disable_replace option from snort 2.x and add snort2lua support
  • port ssh tunnel over http detection
Bug Fixes:
  • fix stream splitter handling during final flush of session data
  • fix appid to use HTTP inspection events to detect webdav methods
  • fix unit test build to work w/o REG_TEST
  • fix shell to add missing newline to Lua execution error responses
  • fix support for content strings with escaped quotes ("foo\"bar")
  •    thanks to for reporting the issue
  • fix various reload issues
  • fix various thread sanitizer issues
  • fix session disposal to always be after logging
  • fix appid pattern matching issues
  • fix appid dns flow counts
  • fix shell resume after command line --pause
  • fix sd_pattern validation boundary conditions
Other Changes:
  • build: don't disable asserts when compiling with code coverage
  • autoconf: update to latest versions of autoconf-archive macros
  • main: add asynchronous, broadcastable analyzer commands
  • add salt to flow hash
  • normalize peg names to lower snake_case
  • update default manuals
Please submit bugs, questions, and feedback to or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team