Snort mailing list archives
Re: simultaneous snort and tcpdump
From: Bennett Todd <bet () rahul net>
Date: Fri, 20 Sep 2002 13:42:23 -0400
In testing, I've run both snort and tcpdump (and other libpcap-based sniffing programs) concurrently against the same promisc interface, and even concurrently used that same interface for real network interaction. As far as I know, you can just run your snort and your tcpdump at the same time; while the performance consequences might not be ideal, I suspect they'd be better than one tcpdump teeing to a fifo for snort then piping into another tcpdump.

-Bennett
Current thread:
- simultaneous snort and tcpdump Carl Gibbons (Sep 20)
- Re: simultaneous snort and tcpdump Bennett Todd (Sep 20)
- Re: simultaneous snort and tcpdump Gary Flynn (Sep 20)
- Re: simultaneous snort and tcpdump Carl Gibbons (Sep 21)
- Re: simultaneous snort and tcpdump Jason (Sep 22)
- Re: simultaneous snort and tcpdump Carl Gibbons (Sep 26)
- Re: simultaneous snort and tcpdump Bennett Todd (Sep 26)
- Re: simultaneous snort and tcpdump Carl Gibbons (Sep 26)
- Re: simultaneous snort and tcpdump Jason (Sep 26)
- Re: simultaneous snort and tcpdump Gary Flynn (Sep 20)
- Re: simultaneous snort and tcpdump Gary Flynn (Sep 26)
- Re: simultaneous snort and tcpdump Martin Roesch (Sep 26)
- Re: simultaneous snort and tcpdump Bennett Todd (Sep 20)