Snort is an open source network intrusion prevention and detection system. This is the software that sits behind your firewall and looks for traffic or activity that may indicate that the firewall has failed to keep out intruders, a second line of defence. It may be looking for traffic that is generated after a breach of your firewall, or for activity by malware or other "phone home" software.
While it can be used as a sniffer, watching network packets and streaming the data to your screen, or as a logger which does the same but writes the information to disk, it comes into its own when run in Network Intrusion Detection system (NIDS) mode. In this mode it watches the network traffic but instead of simply displaying or recording it, Snort compares the traffic against a set of rules and then takes whatever action those rules specify when it finds a match. These rules can combine the benefits of signature, protocol and anomaly-based inspection.
This means that the most important part of a Snort NIDS setup is the set of rules, and there are various rulesets available for download from snort.org to cover typical usage scenarios. If the standard rules don't fit your needs, there is plenty of documentation on how to tweak them to suit your needs, or write your own. Snort's PDF manual is almost 200 pages long, but there is also a wealth of user contributed documentation in the form of setup guides for specific scenarios.
Setting up a default NIDS for something standard like a home network is a fairly simple task. Custom setups require some more work but do give that warm feeling that goes with knowing that you now have an extra line of defence against the Internet Bad Guys.
If you are serious about your network's security, you should seriously consider Snort