[Snort-devel] Composite keys in Snort DB schema
frank at ...2134...
Thu Aug 26 18:17:10 EDT 2004
On Thu, 2004-08-26 at 19:00, Martin Roesch wrote:
> I'm kicking around adding a "serial number" field to the Packet struct.
> It would probably look something like:
> typedef struct _PktSerial
> u_int8_t collection_mac; /* MAC addr of the interface this packet
> was collected on */
Tracking by MAC address? Eeww... How do you handle things when you need
to replace the sniffing network card? Force the old MAC on the new card
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-devel