[Snort-users] Where's the libpcap library with the S. Krahmer patch?
dirk at ...10648...
Wed Mar 30 02:41:42 EST 2005
> Greetings! We'd like to run snort on multiple interfaces simultaneously. The
> documentation says that "for linux 2.1.x/2.2.x and higher you can use
> libpcap library with S. Krahmer's patch which allows you to specify 'any' as
> interface name." Where can we get this library with Krahmer's patch? Thanks
> a lot & regards.
as fas as I remember you won't need the patch for actual kernel
versions (2.4 or higher).
And maybe it would be a better idead to use the bonding device.
Here you can specify which interfaces should be grouped to a bond
device and sniff on that.
If you have a seperate network to insert the alerts in a database
it would be a good idea to remove this interface from the list.
(The probabilty is high to find a matching pattern in the database
inserts and thus end up in an endless loop...)
More information about the Snort-users