[Snort-users] I find it odd that this product would not be supported for SMP win2k machines
sunadmin at ...7514...
Wed Dec 4 11:00:02 EST 2002
Or just use Unix/Linux in the first place.
> From: Matt Kettler <mkettler at ...4108...>
> Date: 2002/12/04 Wed PM 01:52:28 EST
> To: "Tal" <tal.beno at ...7661...>, <snort-users at lists.sourceforge.net>
> Subject: Re: [Snort-users] I find it odd that this product would not be
> supported for SMP win2k machines
> Quite frankly, I've always been surprised that Snort supports Windows at
> all, but given that there is a port of pcap to windows it's not all that
> hard. Given that it's a popular platform the relatively low pain level of
> making a windows port makes it worthwhile having one.
> However, let's face it. Snort is written from the ground up as a Unix
> application. The fact that it is somewhat portable to windows facilitates
> the existence of a windows version, but that was not an original design
> criteria of Snort as far as I know. It is a nice extra for it to be usable
> on both, but I don't think Marty sat down before writing Snort and said "If
> I'm going to do this it must run on Windows too". (Note: that's an opinion,
> I'm taking a loosely educated guess and am not trying to put words into
> Marty's mouth, he can feel free to correct me if he feels the need :))
> Pcap is also a unix piece of software, which happens to have a windows
> port, but let's face it.. it also wasn't designed for Windows. It is THE
> standard for packet capture on unix platforms. Others exist, but let's face
> it, none have the same level of prevalence as pcap does.
> It would be VERY nice to improve pcap's support for SMP windows sure, but
> that's really an issue to take up with the winpcap guys, not the Snort team.
> As far as packet capture libs for Windows go... are there any out there
> besides winpcap that are free to use, much less open-source?
> If you really want a program that will take the fullest advantage of a
> Windows system, you're probably better off with a piece of software that
> was written for Windows in the first place. It's damn near impossible to
> write a program that's optimal for both Windows and Unix platforms, and one
> is always going to be a compromise. The application interfaces for advanced
> programing are just way too different to have the same code work optimaly
> for both.
> At 10:52 AM 12/4/2002 +0200, Tal wrote:
> >I am working with SNORT with my win2k for few weeks now, only realizing it
> >is not working on SMP machines with windows installments few days ago.
> >I was reading a lot of good reviews of this open source and I even
> >stumbled over a comparative analysis with the other tools currently
> >available on the market.
> >I must say that although the problem originate from the winpcap usage and
> >not from any SNORT specific code, this problem raise a big question mark
> >as for the validity of using SNORT for windows (random blue screens or
> >forcing the usage of only one processor are not acceptable solutions imho).
> >I am not trying to criticize SNORT nor do I intend to slander it. I am
> >just stating my disbelief that a product which for many seems a standard
> >would not support SMP with windows.
> >Do you guys have any plans for replacing the winpcap library? Help in
> >fixing the winpcap SMP problems? Support any other packet capturing library?
> >Thank you in advance.
> >Tal Beno.
> This SF.net email is sponsored by: Microsoft Visual Studio.NET
> comprehensive development tool, built to increase your
> productivity. Try a free online hosted session at:
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users