julian's blog

Snort Training

I just got back from Snort training in Atlanta, Georgia.

I am completely impressed with what a beautiful project that is. It is a work of art!

My favorite features are byte_test, byte_jump, and flowbits. The first two allow you to account for variable-sized fields inside packet payloads, while flowbits allow you to track condition states across multiple packets in a stream.
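To make the three options concrete, here is a pair of Snort 2.x rules written for this page as an added example; they are not from the training material or from the Snort project. They assume a made-up TCP protocol on port 9999 whose messages start with the magic bytes "DEMO", a 1-byte message type, a 2-byte big-endian name length, the name itself, and then a 2-byte big-endian payload length; the port, message layout, flowbit name, threshold, and sids are all constructed for illustration.

```snort
# Constructed example protocol (an assumption, not a real service):
#   offset 0-3 : magic "DEMO"
#   offset 4   : message type (0x01 = hello, 0x02 = data)
#   offset 5-6 : name length N (big-endian)
#   next N     : name (variable-sized field)
#   next 2     : payload length (big-endian)

# Rule 1: remember that this stream has sent a hello message.
# flowbits:set records state on the TCP session; flowbits:noalert keeps
# this rule from generating an alert of its own.
alert tcp $EXTERNAL_NET any -> $HOME_NET 9999 ( \
    msg:"DEMO hello seen (state tracking only)"; \
    flow:to_server,established; \
    content:"DEMO|01|"; depth:5; \
    flowbits:set,demo.hello; \
    flowbits:noalert; \
    sid:1000001; rev:1;)

# Rule 2: only in a stream where Rule 1 already matched, inspect a data
# message whose payload length sits behind a variable-sized name field.
#   byte_jump:2,0,relative,big  reads the 2-byte name length right after
#                               the content match and moves the detection
#                               cursor past the name.
#   byte_test:2,>,1024,0,relative,big  reads the 2-byte payload length at
#                               the new cursor and matches if it is
#                               greater than 1024.
alert tcp $EXTERNAL_NET any -> $HOME_NET 9999 ( \
    msg:"DEMO data message with oversized payload length"; \
    flow:to_server,established; \
    flowbits:isset,demo.hello; \
    content:"DEMO|02|"; depth:5; \
    byte_jump:2,0,relative,big; \
    byte_test:2,>,1024,0,relative,big; \
    sid:1000002; rev:1;)
```

Without byte_jump, the second rule would need a fixed offset for the payload length, which breaks as soon as the name field changes size.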

My instructor, John Gay, was super at presenting the material in a clear and concise manner.
