[Snort-devel] Packet Capturing

Russ Combs rcombs at ...402...
Fri Mar 30 10:43:58 EDT 2012


Grab the DAQ tarball off snort.org and have a look at daq_pcap.c.
If you have questions about libpcap, tcpdump.org is the place to check.

On Mon, Mar 26, 2012 at 1:35 AM, Mahammed Faiz Aboalmaali <mohammadfaiz2003 at ...398...> wrote:

> Dear All,
> Have a good day,
> I have a question about how Snort captures the packets using libpcap. From
> my understanding, in libpcap there are two functions for capturing packets,
> pcap_loop() and pcap_next_ex(). Which one of them is used by Snort and why?
> And generally, which one of these functions is preferable (faster) for
> high speed links? Sorry if my question is not reliable.
> By the way, I found these two functions in the tutorials of WinPcap, but I
> think that both libpcap and WinPcap are compatible.
> *Regards,*
> *Mohammed Faiz Aboalmaaly*