(snort system composition: snort consists of three main subsystems: packet decoder, viewing engine, log and alarm system. Snort has three working modes: sniffer, packet logger, and network intrusion/intrusion viewing system. Sniffer mode simply reads packets from the network and displays them on the terminal as a continuous stream. Packet recorder mode records packets to hard disk. The network intrusion/intrusion viewing mode is the most messy and configurable. We can have snort analyze the network data flow to match some user-defined rules and take certain actions based on the results of the viewing.)