[Snort-users] PF_RING question
hendo at ...3663...
Wed Jun 22 20:17:44 EDT 2005
Is there anyone out there using PF_RING for your snort setup?
I seem to have it compiled into the kernel and have a modified libpcap that
The problem is that I think that PF_RING is only letting me see 68 bytes of
I'm using env vars PCAP_FRAMES=max and PCAP_SNAPLEN=1514 but when I
actually sniff the traffic using tcpdump with a -s 1514, I don't see packets
bigger than 68 bytes.
Have any of you clueful persons out there seen this behavior?
More information about the Snort-users