How to add new command line arguments to Snort

Peter Peter
Sep 1, 2018 · 1 min read

Snort is the most famous open-source Intrusion Detection and Prevention System (IDPS) built on Deep Packet Inspection (DPI) technology. It can either sniff a live packet stream or read static pcap files, and it inspects the packets within according to the detection rules specified by whoever deployed it. The detection engine inspects incoming packets one by one against the patterns defined in the rules. Once a packet matches a pattern defined in a rule, Snort triggers the predefined action (e.g. alert or log) to handle the follow-on procedure.

Snort is rich in features, and with the proper command line arguments one can do a great deal with it. Sometimes, though, we still need to add new features to Snort to satisfy a customization need. Once the development work is finished, you will find that one or more new parameters must be supplied to invoke the new feature. The new parameters can be set either in the Snort configuration file (i.e. snort.conf) or as command line arguments; we discuss the latter case, command line arguments, in this article and show readers how to add a new command line argument to Snort.


Before we actually start adding a new command line argument to Snort, we have to analyze the argument processing flow.
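The article does not reach the Snort source itself, so the following is an added, stand-alone illustration of the mechanism being discussed, not code from Snort or from the author: a small getopt_long-based parser in the style of a C daemon's command line handling, with two pre-existing options (`-c`/`--config`, `-r`/`--pcap-file`, `-v`) and two newly added ones (`--my-feature` and `--my-feature-arg`). The option names, the `struct opts` layout and the `parse_args` function are all assumptions made for this example; they are not Snort's identifiers. The value-taking new option is copied into a bounded buffer rather than stored as a raw `optarg` pointer, because every new argument is a new untrusted input surface.

```c
#include <getopt.h>
#include <stdio.h>
#include <string.h>

/* Illustrative option state. Names are constructed for this example and
 * are not Snort's own configuration structure. */
struct opts {
    const char *config;        /* -c / --config      (pre-existing option)  */
    const char *pcap;          /* -r / --pcap-file   (pre-existing option)  */
    int verbose;               /* -v                 (pre-existing flag)    */
    int my_feature;            /* --my-feature       (newly added flag)     */
    char my_feature_arg[64];   /* --my-feature-arg   (newly added, takes a value) */
};

/* Long-only options get values above the ASCII range so they cannot
 * collide with single-letter short options. */
enum { LONGOPT_MY_FEATURE = 1000, LONGOPT_MY_FEATURE_ARG };

static const struct option long_options[] = {
    {"config",         required_argument, NULL, 'c'},
    {"pcap-file",      required_argument, NULL, 'r'},
    {"my-feature",     no_argument,       NULL, LONGOPT_MY_FEATURE},     /* new */
    {"my-feature-arg", required_argument, NULL, LONGOPT_MY_FEATURE_ARG}, /* new */
    {NULL, 0, NULL, 0}
};

/* Parse argv into *o. Returns 0 on success, -1 on an unknown option or a
 * missing/over-long value. */
int parse_args(int argc, char **argv, struct opts *o)
{
    int ch;
    memset(o, 0, sizeof *o);
    opterr = 0;          /* keep getopt quiet; the caller reports errors */
#ifdef __GLIBC__
    optind = 0;          /* glibc: full re-initialisation of getopt state */
#else
    optind = 1;
#endif
    while ((ch = getopt_long(argc, argv, "c:r:v", long_options, NULL)) != -1) {
        switch (ch) {
        case 'c': o->config = optarg; break;
        case 'r': o->pcap = optarg; break;
        case 'v': o->verbose = 1; break;
        case LONGOPT_MY_FEATURE:
            o->my_feature = 1;
            break;
        case LONGOPT_MY_FEATURE_ARG:
            /* Bound the copy: reject values that would not fit. */
            if (strlen(optarg) >= sizeof o->my_feature_arg)
                return -1;
            strcpy(o->my_feature_arg, optarg);
            break;
        default:
            return -1;   /* '?' : unknown option or missing argument */
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    struct opts o;
    if (parse_args(argc, argv, &o) != 0) {
        fprintf(stderr, "usage: %s [-c conf] [-r pcap] [-v] [--my-feature] [--my-feature-arg VALUE]\n", argv[0]);
        return 2;
    }
    printf("config=%s pcap=%s verbose=%d my_feature=%d my_feature_arg=%s\n",
           o.config ? o.config : "(none)", o.pcap ? o.pcap : "(none)",
           o.verbose, o.my_feature, o.my_feature_arg);
    return 0;
}
```

Adding an argument to a parser like this is three edits: a new entry in the option table, a new case in the switch, and a new field in the configuration structure that the rest of the program reads. Whatever the real code base looks like, it is worth keeping those three places together so that a new option cannot be half-wired.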
