Snort mailing list archives
PF_RING question
From: "Dennis Henderson" <hendo () hendohome com>
Date: Wed, 22 Jun 2005 22:16:09 -0500
Is there anyone out there using PF_RING for your snort setup? I seem to have it compiled into the kernel and have a modified libpcap that works. The problem is that I think that PF_RING is only letting me see 68 bytes of every packet. I'm using env vars PCAP_FRAMES=max and PCAP_SNAPLEN=1514 but when I actually sniff the traffic using tcpdump with a -s 1514, I don't see packets bigger than 68 bytes. Have any of you clueful persons out there seen this behavior? Thanks Dennis ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- PF_RING question Dennis Henderson (Jun 22)
- <Possible follow-ups>
- RE: PF_RING question Milani Paolo (Jun 23)
- RE: PF_RING question Dennis Henderson (Jun 23)