Snort has the following features:
* It detects threats, such as buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other port scanners, well-known backdoors and system vulnerabilities, and DDoS clients, and alerts the user about them.
* It develops a new signature to find vulnerabilities.
* It records packets in their human-readable form from the IP address.
* It is used as a passive trap to record the presence of traffic that should not be found on a network, such as NFS or Napster connections.
* It is used to monitor a home DSL connection or a corporate Web site.