[Snort-users] Snort 22.214.171.124 & Phil Wood's modified libpcap
eoin.miller at ...14586...
Tue Feb 8 10:19:54 EST 2011
On 2/8/2011 3:06 PM, Weir, Jason wrote:
> Good question, google was not conclusive....
> The change file (goes back to 1994) http://www.tcpdump.org/libpcap-changes.txt doesn't mention mmap or ring buffer.
> Anyone have definitive proof that the latest libpcap versions have the good stuff included
Just read about the buffer_size environment variable or use -B to
specify it when you do a tcpdump with 4.0.0> using libpcap 1.0.0>.
But also, libdaq handles the buffering for you with Snort 2.9.0.x. Also,
it is required by Snort 2.9.0.x and libdaq requires libpcap-1.0.0 or
higher, probably for this specific reason.
More information about the Snort-users