Snort mailing list archives

Re: Re: I find it odd that this product would not be supported for SMP win2k machines


From: Jeremy Loukinas <sunadmin () fuse net>
Date: Wed, 4 Dec 2002 13:59:13 -0500

Or just use Unix/Linux in the first place. 


From: Matt Kettler <mkettler () evi-inc com>
Date: 2002/12/04 Wed PM 01:52:28 EST
To: "Tal" <tal.beno () appilog com>,  <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] I find it odd that this product would not be
  supported for SMP win2k machines

Quite frankly, I've always been surprised that Snort supports Windows at 
all, but given that there is a port of pcap to windows it's not all that 
hard. Given that it's a popular platform the relatively low pain level of 
making a windows port makes it worthwhile having one.

However, let's face it. Snort is written from the ground up as a Unix 
application. The fact that it is somewhat portable to windows facilitates 
the existence of a windows version, but that was not an original design 
criteria of Snort as far as I know. It is a nice extra for it to be usable 
on both, but I don't think Marty sat down before writing Snort and said "If 
I'm going to do this it must run on Windows too". (Note: that's an opinion, 
I'm taking a loosely educated guess and am not trying to put words into 
Marty's mouth, he can feel free to correct me if he feels the need :))

Pcap is also a unix piece of software, which happens to have a windows 
port, but let's face it.. it also wasn't designed for Windows. It is THE 
standard for packet capture on unix platforms. Others exist, but let's face 
it, none have the same level of prevalence as pcap does.

It would be VERY nice to improve pcap's support for SMP windows sure, but 
that's really an issue to take up with the winpcap guys, not the Snort team.

As far as packet capture libs for Windows go... are there any out there 
besides winpcap that are free to use, much less open-source?

If you really want a program that will take the fullest advantage of a 
Windows system, you're probably better off with a piece of software that 
was written for Windows in the first place. It's damn near impossible to 
write a program that's optimal for both Windows and Unix platforms, and one 
is always going to be a compromise. The application interfaces for advanced 
programming are just way too different to have the same code work optimally 
for both.


At 10:52 AM 12/4/2002 +0200, Tal wrote:

I am working with SNORT with my win2k for a few weeks now, only realizing it 
is not working on SMP machines with windows installments a few days ago.

I was reading a lot of good reviews of this open source and I even 
stumbled over a comparative analysis with the other tools currently 
available on the market.

I must say that although the problem originates from the winpcap usage and 
not from any SNORT specific code, this problem raises a big question mark 
as for the validity of using SNORT for windows (random blue screens or 
forcing the usage of only one processor are not acceptable solutions imho).

I am not trying to criticize SNORT nor do I intend to slander it. I am 
just stating my disbelief that a product which for many seems a standard 
would not support SMP with windows.

Do you guys have any plans for replacing the winpcap library? Help in 
fixing the winpcap SMP problems? Support any other packet capturing library?

Thank you in advance.

Tal Beno.



-------------------------------------------------------
This SF.net email is sponsored by: Microsoft Visual Studio.NET 
comprehensive development tool, built to increase your 
productivity. Try a free online hosted session at:
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





