Abstract: Snort, one of the best open-source network intrusion detection systems, is analysed in detail in this paper for the purpose of studying network intrusion detection systems. A solution is then proposed to eliminate the redundancy in Snort's rule chain. Experiments show that the proposed solution is correct and effective. Finally, on the basis of an ARP technology approach, a NIDS is developed with the improved Snort as its kernel module. Its excellent performance once again proves the solution to be valid.