[Snort-devel] Composite keys in Snort DB schema

Frank Knobbe frank at ...2134...
Thu Aug 26 18:17:10 EDT 2004


On Thu, 2004-08-26 at 19:00, Martin Roesch wrote:
> I'm kicking around adding a "serial number" field to the Packet struct.
> It would probably look something like:
> 
> typedef struct _PktSerial
> {
> 	u_int8_t collection_mac[6];	/* MAC addr of the interface this packet was collected on */


Tracking by MAC address? Eeww... How do you handle things when you need
to replace the sniffing network card? Force the old MAC on the new card
through software?

Regards,
Frank
