[Snort-users] simultaneous snort and tcpdump

Bennett Todd bet at ...6163...
Fri Sep 20 10:46:03 EDT 2002


In testing, I've run both snort and tcpdump (and other libpcap based
sniffing programs) concurrently against the same promisc interface,
and even concurrently used that same interface for real network
interaction.

As far as I know, you can just run your snort and your tcpdump at
the same time; while the performance consequences might not be
ideal, I suspect they'd be better than one tcpdump teeing to a fifo
for snort then piping into another tcpdump.

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020920/13c4397f/attachment.sig>


More information about the Snort-users mailing list