Snort 3
Next-Generation Network Intrusion Prevention System
Multi-threaded, Lua-configurable, and extensible — Snort 3 delivers deep packet inspection at scale with over 200 built-in plugins.
Multi-threaded Processing
Process packets across multiple threads simultaneously for high-throughput environments. Scale detection to match your network’s demands.
Lua Configuration
Configure everything via a live Lua script — compute values, include files, and override settings at the command line without rewriting configs.
Plugin Framework
200+ built-in plugins covering Codecs, Inspectors, IPS Options, Loggers, and more. Build your own and load them dynamically at runtime.
Deep Protocol Inspection
Inspect HTTP, HTTP/2, FTP, SMTP, DNS, TLS/SSL, DCE/RPC, Modbus, DNP3, and 15+ more protocols with dedicated service inspectors.
Hyperscan Acceleration
Leverage Intel Hyperscan for high-speed regular expression matching and fast pattern search across rule groups.
Inline IPS Mode
Run inline with the afpacket DAQ to actively block threats in real time — not just detect and alert on them.
Quick Example
Explore the Documentation
Quickstart
Install dependencies, build Snort, and run your first packet capture in minutes.
Configuration Guide
Learn how Lua configuration, modules, rules, and binding work together.
Protocol Inspectors
Explore the service inspectors that analyze application layer protocols.
Plugin Development
Extend Snort with custom Inspectors, Codecs, IPS Options, and Loggers.
Command Reference
Complete reference for all Snort command-line flags and options.
Migration from Snort 2
Convert your Snort 2.x configurations and rules to Snort 3 format.
Snort 3 is open source.
View on GitHub