[Snort-devel] Interfaces

Dragos Ruiu dr at ...40...
Fri Sep 1 07:49:44 EDT 2000

On Thu, 31 Aug 2000, Subba Rao wrote:
> Hello Everyone,
> I am looking through the code and see that Snort checks only
> the ethernet interface. Are there any plans to include the modem
> interface too?

Actually that stuff is the job of libpcap.  And I don't know
if pcap supports monitoring ppp over /dev/cua or whatever.

Snort just opens the devices through libpcap.... for things
like ATM the device drivers and pcap mimic ethernet for 
instance.... and it seems like right now, pcap can take in
TR, FDDI, and ethernet...  Now I haven't fully dug through
the new libpcap, and it may support it, but if it doesn't
the right place to get this functionality is through libpcap.
Now that's it's being maintained again (www.tcpdump.org) 
maybe someone there would be amenable to working on it?

dursec.com ltd. / kyx.net - we're from the future
pgp fingerprint: 18C7 E37C 2F94 E251 F18E  B7DC 2B71 A73E D2E8 A56D 
pgp key: http://www.dursec.com/drkey.asc

More information about the Snort-devel mailing list