Snort achieves this by analysing protocols and looking for unusual behaviour linked to probes and attacks such as buffer overflows, port scanning, CGI attacks, SMB or OS fingerprinting tests.
Snort uses a flexible rule-based language that tells it which data to capture and which to let through. Its scanning engine is modular, which means that its functionality can be extended with plugins.
Various real-time alerts will be sent to the system administrator to indicate the presence of suspicious network behaviour. But be aware! Snort is a command line tool.
Snort supports IPv6 and can be used with MySQL, ODBC, Microsoft SQL Server and Oracle. You will need to edit the snort.conf file manually to set the correct rule and classification files.
Snort requires WinPcap 3.1 or later to be installed.