[Snort-users] I find it odd that this product would not be supported for SMP win2k machines

Jeremy Loukinas sunadmin at ...7514...
Wed Dec 4 11:00:02 EST 2002

Or just use Unix/Linux in the first place. 

> From: Matt Kettler <mkettler at ...4108...>
> Date: 2002/12/04 Wed PM 01:52:28 EST
> To: "Tal" <tal.beno at ...7661...>,  <snort-users at lists.sourceforge.net>
> Subject: Re: [Snort-users] I find it odd that this product would not be
>   supported for SMP win2k machines
> Quite frankly, I've always been surprised that Snort supports Windows at 
> all, but given that there is a port of pcap to windows it's not all that 
> hard. Given that it's a popular platform the relatively low pain level of 
> making a windows port makes it worthwhile having one.
> However, let's face it. Snort is written from the ground up as a Unix 
> application. The fact that it is somewhat portable to windows facilitates 
> the existence of a windows version, but that was not an original design 
> criteria of Snort as far as I know. It is a nice extra for it to be usable 
> on both, but I don't think Marty sat down before writing Snort and said "If 
> I'm going to do this it must run on Windows too". (Note: that's an opinion, 
> I'm taking a loosely educated guess and am not trying to put words into 
> Marty's mouth, he can feel free to correct me if he feels the need :))
> Pcap is also a unix piece of software, which happens to have a windows 
> port, but let's face it.. it also wasn't designed for Windows. It is THE 
> standard for packet capture on unix platforms. Others exist, but let's face 
> it, none have the same level of prevalence as pcap does.
> It would be VERY nice to improve pcap's support for SMP windows sure, but 
> that's really an issue to take up with the winpcap guys, not the Snort team.
> As far as packet capture libs for Windows go... are there any out there 
> besides winpcap that are free to use, much less open-source?
> If you really want a program that will take the fullest advantage of a 
> Windows system, you're probably better off with a piece of software that 
> was written for Windows in the first place. It's damn near impossible to 
> write a program that's optimal for both Windows and Unix platforms, and one 
> is always going to be a compromise. The application interfaces for advanced 
> programing are just way too different to have the same code work optimaly 
> for both.
> At 10:52 AM 12/4/2002 +0200, Tal wrote:
> >I am working with SNORT with my win2k for few weeks now, only realizing it 
> >is not working on SMP machines with windows installments few days ago.
> >
> >I was reading a lot of good reviews of this open source and I even 
> >stumbled over a comparative analysis with the other tools currently 
> >available on the market.
> >
> >I must say that although the problem originate from the winpcap usage and 
> >not from any SNORT specific code, this problem raise a big question mark 
> >as for the validity of using SNORT for windows (random blue screens or 
> >forcing the usage of only one processor are not acceptable solutions imho).
> >
> >I am not trying to criticize SNORT nor do I intend to slander it. I am 
> >just stating my disbelief that a product which for many seems a standard 
> >would not support SMP with windows.
> >
> >Do you guys have any plans for replacing the winpcap library? Help in 
> >fixing the winpcap SMP problems? Support any other packet capturing library?
> >
> >Thank you in advance.
> >
> >Tal Beno.
> -------------------------------------------------------
> This SF.net email is sponsored by: Microsoft Visual Studio.NET 
> comprehensive development tool, built to increase your 
> productivity. Try a free online hosted session at:
> http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list