[Snort-devel] Patch for supporting remote adapters in snort
cmg at ...402...
Wed May 21 07:38:09 EDT 2003
"Fulvio Risso" <fulvio.risso at ...157...> writes:
> Hello folks.
> As you may have been noticed, the new WinPcap 3.0 adds support for1
> remote capture. I think this could be very useful in snort as well.
> The changes required to support this feature are really limited.
Good Day Fulvio,
I'm perhaps a bit naive but I'm having trouble understanding the use
of such a feature. Is it so that windows users can get the same type
of functionality as ssh host tcpdump -s 1514 -w - | snort -dev -r - so
they can use all their myriad of trouble shooting apps and install a
single remote capture thingie?
I don't see this being useful for IDS because of the latency but for
trouble shooting type applications, I understand it.
Does it still act like a normal filter ( a remote pcap without a bpf
filter seems like a lossy interface)?
Chris Green <cmg at ...402...>
Fame may be fleeting but obscurity is forever.
More information about the Snort-devel