[Snort-devel] Packet Capturing

Mahammed Faiz Aboalmaali mohammadfaiz2003 at ...398...
Mon Mar 26 01:35:01 EDT 2012


Dear All,
Have a good day,
I have a question about how snort capture the packets using libpcap. From my understanding in libpcap there are two function for capturing packets, pcap_loop() and pcap_next_ex(). which one of them used by Snort and why?. and generally which one of there function is more preferable (faster) for high speed links ? . Sorry if my question is not reliable.  
by the way, I found these two function in the tutorials of WinPcap, but I think that both, libpcap and winpcap are compatible. 
Regards,
Mohammed Faiz Aboalmaaly
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20120325/9d6c1fbe/attachment.html>


More information about the Snort-devel mailing list