
Posts

Showing posts from November, 2019

Mastering in Intrusion Detection System Part - 2

Understanding the Snort Architecture

Introduction

Welcome to module 2 of this workshop. In the previous module, we discussed the core concepts of intrusion detection & prevention systems. In this module, we will discuss Snort as a de facto standard in intrusion detection & prevention systems. We will explore the Snort architecture, i.e. the building blocks of Snort.

Pre-requisites

It is strongly recommended that you complete module 1 before reading this module if you don't have a prior understanding of what we discussed in module 1.

What is Snort?

“It is an open source intrusion prevention system capable of real-time traffic analysis and packet logging” (Sourcefire)

Snort is a Sourcefire product, and it has gained the market; in the past couple of years Sourcefire was acquired by Cisco Inc., so you can say that Snort is a Cisco product! But it is not labeled as Cisco because Snort is an open-source product and comes under opensour