Re: Correct version of libpcap?

[Erek Adams <erek () snort org>]

On Mon, 2 Feb 2004, Sheahan, Paul wrote:

> I'm currently running Snort 2.0.5 build 98 on RHLinux 8.0, and in a
> previous post when I asked about Snort dropping packets, someone
> mentioned that I should be sure I'm using "Phil Wood's version of
> libpcap". Can someone point me to the appropriate version of libpcap
> that I should be runnning? I've already applied as many tweaks as I
> could think of, and want to rule this out next.

Ok, the short answer is 'Google is your friend'.  :)

Long answer--If you're not running on a Linux based system, then Phil's
patches aren't going to help since they aren't ported.  If you are on a
Linux based OS, then you can use the libpcap that he has and get a marked
performance increase.  He uses a ring buffer and some other black magic
mojo to make libpcap dance it's fool head off. :)

Cheers!

-----
Erek Adams

 "It looks just like a Telefunken U-47.  You'll love it..."  -- Frank Zappa


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users