[Snort-sigs] Snort, DAQ, and the -r option for reading files with network data

Russ Combs rcombs at ...435...
Thu Oct 25 10:21:51 EDT 2012


It goes through the DAQ either way, which is the purpose of having a DAQ.
It allows one Snort to work with a variety of interface types, including a
"file interface", which is supported by the Pcap DAQ.

On Thu, Oct 25, 2012 at 10:14 AM, Miso Patel <miso.patel at ...2420...> wrote:

> In the morning meeting, my engineers got in an argument about using the
> "-r" option in Snort to read network traffic files.  When one does this,
> does it go through the DAQ library or does the DAQ not matter in this case?
>
> Probably this is a stupid or simple question but if I can get the answer
> by lunch time, half of the engineers will eat free since the other half
> will pay if they loose :)  (I always eat free, lol).
>
> Thanks.
>
> -Miso, CISO
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20121025/9bea99a7/attachment.html>


More information about the Snort-sigs mailing list