Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Where's the libpcap library with the S. Krahmer patch?

From: "Escudero, Peter Louis" <peterlouis.escudero () eds com>
Date: Thu, 31 Mar 2005 14:55:20 -0500
Many thanks. We've decided to run multiple instances of snort.

Peter

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Dirk
Geschke
Sent: Wednesday, March 30, 2005 2:41 AM
To: Escudero, Peter Louis
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Where's the libpcap library with the S.
Krahmer patch?

Hi Peter,


Greetings! We'd like to run snort on multiple interfaces 
simultaneously. The documentation says that "for linux 2.1.x/2.2.x and



higher you can use libpcap library with S. Krahmer's patch which 
allows you to specify 'any' as interface name." Where can we get this 
library with Krahmer's patch? Thanks a lot & regards.


as fas as I remember you won't need the patch for actual kernel versions
(2.4 or higher).

And maybe it would be a better idead to use the bonding device.
Here you can specify which interfaces should be grouped to a bond device
and sniff on that. 

If you have a seperate network to insert the alerts in a database it
would be a good idea to remove this interface from the list.
(The probabilty is high to find a matching pattern in the database
inserts and thus end up in an endless loop...)

Best regards

Dirk


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide Read honest & candid
reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.net email is sponsored by Demarc:
A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/info/Sentarus/hamr30
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: