Re: Snort, DAQ, and the -r option for reading files with network data

[Russ Combs <rcombs () sourcefire com>]

It goes through the DAQ either way, which is the purpose of having a DAQ.
It allows one Snort to work with a variety of interface types, including a
"file interface", which is supported by the Pcap DAQ.

On Thu, Oct 25, 2012 at 10:14 AM, Miso Patel <miso.patel () gmail com> wrote:

> In the morning meeting, my engineers got in an argument about using the
> "-r" option in Snort to read network traffic files.  When one does this,
> does it go through the DAQ library or does the DAQ not matter in this case?
>
> Probably this is a stupid or simple question but if I can get the answer
> by lunch time, half of the engineers will eat free since the other half
> will pay if they loose :)  (I always eat free, lol).
>
> Thanks.
>
> -Miso, CISO
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!