Snort mailing list archives

libpcap and ppp vs. ether

From: Phil <foo_bar_00 () yahoo com>
Date: Mon, 6 Aug 2001 00:09:06 -0700 (PDT)

Hey all,

I remember reading on this list that libpcap can grab
packets before IPFilter on ethernet devices but not on
ppp devices.

What about for PPPoE? I use RP-PPPoE on Solaris and it
creates a virtual ppp0 interface ON TOP of my elxl0
interface. This is what IPFilter protects. So is
libpcap to grab packets before IPFilter blocks them on
this virtual ppp0 on ethernet device? I AM getting
logs, however, when I ran the 'attack scripts' from
another location, they DIDN'T cause additional logs. I
found that very strange.

Thanks,
Phil

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

libpcap and ppp vs. ether Phil (Aug 06)
- libpcap and iptables Jyri Hovila (Aug 06)