Snort mailing list archives
Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram?
From: Michael Altizer <xiche () verizon net>
Date: Sun, 30 Jan 2011 15:30:57 -0500
On 01/30/2011 02:10 PM, Michael Scheidell wrote:
> so, I am still wondering if snort is using daq !

Snort will always be using LibDAQ, so don't worry about that. For example, in your case it is going Snort -> LibDAQ -> LibPCAP -> FreeBSD BPF.
There is, however, a legitimate (and a tad embarrassing) bug in the current PCAP DAQ module where it is not properly parsing the "buffer_size" DAQ variable. I'll be entering a bug on the Sourcefire side to fix this, thanks for uncovering it. If you want to fix it locally, you can use the attached patch and rebuild the PCAP DAQ module.
Attachment:
pcap_buffer_size_fix.patch