Snort(TM)


But do you really want to use Snort?
Snort 2 is kind of old with a bloated and scary design.  And GPLv2.
Snort 3 is not much better and basically non-free (GPLv2 with "clarifications").

Or Bro?

Sometimes you have to use an IDS/IPS but we're not really happy about the existing implementations.
Nobody came up with a nicer solution for BSDs yet.
Userland could be a lot simpler when using an extended divert-packet.