[Snort-devel] Patch for supporting remote adapters in snort

Chris Green cmg at ...402...
Wed May 21 07:38:09 EDT 2003


"Fulvio Risso" <fulvio.risso at ...157...> writes:

> Hello folks.
>
> As you may have noticed, the new WinPcap 3.0 adds support for
> remote capture.  I think this could be very useful in snort as well.
> The changes required to support this feature are really limited.

Good Day Fulvio,

I'm perhaps a bit naive but I'm having trouble understanding the use
of such a feature. Is it so that Windows users can get the same type
of functionality as ssh host tcpdump -s 1514 -w - | snort -dev -r - so
they can use all their myriad of troubleshooting apps and install a
single remote capture thingie?

I don't see this being useful for IDS because of the latency but for
troubleshooting type applications, I understand it.

Does it still act like a normal filter (a remote pcap without a bpf
filter seems like a lossy interface)?
--
Chris Green <cmg at ...402...>
Fame may be fleeting but obscurity is forever.



