Snort mailing list archives

libpcap mmap issues on Snort


From: Anand Raj Manickam <anandrm () gmail com>
Date: Fri, 8 Aug 2014 12:42:58 +0530

Hi,
This is a follow-up to the email thread - http://seclists.org/snort/2014/q3/547
I'm running Snort on a Mirror/SPAN port.
I have been facing an issue where the packets got internal
fragmentation / split on libpcap, due to which Snort was failing to
inspect packets.
When the "HAVE_PACKET_RING" code was disabled in libpcap and it was rebuilt,
Snort was able to inspect packets right.
But the issue after this was that I was able to run only one flow /
connection. Beyond a single connection, I was not able to interrupt
the Snort process; (Ctrl + C) fails to summarize the reports.

Thanks,

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
