Re: Where's the libpcap library with the S. Krahmer patch?

[Dirk Geschke <dirk () geschke-online de>]

Hi Peter,

> Greetings! We'd like to run snort on multiple interfaces simultaneously. The
> documentation says that "for linux 2.1.x/2.2.x and higher you can use
> libpcap library with S. Krahmer's patch which allows you to specify 'any' as
> interface name." Where can we get this library with Krahmer's patch? Thanks
> a lot & regards.

as fas as I remember you won't need the patch for actual kernel
versions (2.4 or higher).

And maybe it would be a better idead to use the bonding device.
Here you can specify which interfaces should be grouped to a bond
device and sniff on that. 

If you have a seperate network to insert the alerts in a database
it would be a good idea to remove this interface from the list.
(The probabilty is high to find a matching pattern in the database
inserts and thus end up in an endless loop...)

Best regards

Dirk


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users