[Snort-devel] Snort vs. Libpcap versions.
erek at ...835...
Sat May 31 20:48:06 EDT 2003
On Sat, 31 May 2003, larosa, vjay wrote:
> Can anybody give me a clue as to what version of libpcap is recommended to
> be used with snort? I believe that I heard Marty say at last year's SANS
> Boston IDS class that the older 0.4 version is what he recommends. Then I
> believe while reading the new Snort 2.0 book from Syngress it says to use
> the latest and greatest version of libpcap. Any comments?
Both are right. :) Almost anything greater than 0.4 will be fine. Be
careful with the CVS tarballs, I've had some folks who can't compile from

If running on a Linux-based system, you might want to check out Phil
Wood's "Burnt Offerings". You can find one very nice libpcap patch
for Linux 2.4.x kernels that adds MMAP, ring buffers and supports
TurboPacket. From what people have said, there is usually a gain from
using the patches. I don't run a Linux-based box so I haven't gotten a
chance to beat on it myself.
Hope that helps!
"When things get weird, the weird turn pro." H.S. Thompson