Many companies and organizations offer IT-services (news papers, socialsites, web developers and etc.) to the public, and those services needs to beprotected. The amount of computer threats are increasing drastically, andmany attacks are directed to those services companies offer. Larger companieshave the economy to buy expensive security tools to protect their services,while smaller companies may have the same economy.Open source is an interesting field for those who do not have the need orthe economy to buy expensive security solutions. Intrusion detection systemis a well known security tool, and it could either be bought as a payment solution,or be downloaded from the web as an open source solution. Snort,Bro and Suricata are three different open source network intrusion detectionsystems.By comparing installation, configuration, alarms and information one canfind out which solution that fits your network best. The process of setting upthe test environment, installation and configuration of Snort, Bro and Suricata,and installation of Metasploit have been a time consuming process. Snort, Broand Suricata have been tested in a network, and against a Metasploit frameworkwith known exploits. Running Snort, Bro and Suricata in a network,have shown huge differences regarding the number of alarms produced, andalso differences in the logs produced. The results after running Metasploitshowed some unexpected but clarifying results in the logs created. The wholeprocess has been evaluated, and there has been given a summary of Snort, Broand Suricata regarding installation, configuration and alarms.