[Snort-users] Why does snort on Linux report this?
dr at ...381...
Sun Nov 12 18:55:57 EST 2000
On Sun, 12 Nov 2000, Jason Haar wrote:
> When I run snort in non-daemon mode and shut it down with Ctrl-C, it reports
> Snort received 43 packets.
> Packet loss statistics are unavailable under Linux. Sorry!
> What's missing in Linux that stops that working? Sounds to me like a bit of
> a hole. I mean, doesn't that mean that anyone using snort under Linux won't
> ever know if their system is dropping packets and therefore potentially
> missing attacks/etc?
Uhm... yep. Libpcap always has been the lamest piece of this whole equation.
Someone who is using snort/linux ought to really dev a patch to get snort
working with the turbo-packet capture kernel patch under linux imho...
Sorry I don't have the bandwidth to currently tackle this, but if you want
to try your hand at this and want the patch contact me. Or does someone
have a handy URL off the top of their head? I just have it in an e-mail
There are also some other packet capture systems being toyed with in the
newer linux kernels as I recall but I haven't looked closely in a while after
I started running my IDSes on OpenBSD and FreeBSD that do not suffer
Dragos Ruiu <dr at ...50...> dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net