[Snort-users] Looooots of "Outstanding" and "Analyzed" packets - counter wrap ?

Andreas Maus maus at ...13999...
Mon Nov 27 04:30:45 EST 2006


On Sun, Nov 26, 2006 at 09:43:24AM -0700, Bamm Visscher wrote:
> 
> What version of libpcap do you have installed?
Hmmm ... Never thought of that.
Snort is linked against:

maus at ...14000...:~$ ldd /usr/local/bin/snort | grep pcap
        libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0x0000002a9577b000)

which is from the libpcap0.8 debian package:

maus at ...14000...:~$ apt-cache show libpcap0.8
Package: libpcap0.8
Priority: optional
Section: libs
Installed-Size: 236
Maintainer: Romain Francoise <rfrancoise at ...1015...>
Architecture: amd64
Version: 0.8.3-5
Depends: libc6 (>= 2.3.2.ds1-4)
Filename: pool/main/libp/libpcap0.8/libpcap0.8_0.8.3-5_amd64.deb
Size: 86026
MD5sum: a04b5d9c228a34262937c56ba2d19c38
Description: System interface for user-level packet capture
 libpcap (Packet CAPture) provides a portable framework for low-level
 network monitoring.  Applications include network statistics collection,
 security monitoring, network debugging, etc.
 .
 Since almost every system vendor provides a different interface for
 packet capture, and since there are several tools that require this
 functionality, we've created this system-independent API to ease in
 porting and to alleviate the need for several system-dependent packet
 capture modules in each application.
 .
 Further information is available at <URL: http://www.tcpdump.org/>

I will try a more current (0.9.5) version.

Andreas.





More information about the Snort-users mailing list