[Snort-users] Correct version of libpcap?
erek at ...950...
Mon Feb 2 15:05:18 EST 2004
On Mon, 2 Feb 2004, Sheahan, Paul wrote:
> I'm currently running Snort 2.0.5 build 98 on RHLinux 8.0, and in a
> previous post when I asked about Snort dropping packets, someone
> mentioned that I should be sure I'm using "Phil Wood's version of
> libpcap". Can someone point me to the appropriate version of libpcap
> that I should be runnning? I've already applied as many tweaks as I
> could think of, and want to rule this out next.
Ok, the short answer is 'Google is your friend'. :)
Long answer--If you're not running on a Linux based system, then Phil's
patches aren't going to help since they aren't ported. If you are on a
Linux based OS, then you can use the libpcap that he has and get a marked
performance increase. He uses a ring buffer and some other black magic
mojo to make libpcap dance it's fool head off. :)
"It looks just like a Telefunken U-47. You'll love it..." -- Frank Zappa
More information about the Snort-users