Snort mailing list archives

Some confusion about Snort ++


From: Nacht Z <NachtZ () outlook com>
Date: Thu, 22 Sep 2016 13:06:16 +0000

Hello:
I have some confusion about multithreading in Snort++.
I found that when I use the option -z, as in snort --daq-dir /usr/local/lib/daq/ -i enp12s0 --bpf 'not ip' -z 5, all 
five threads run and analyse the same NIC. So when Snort++ tries to open one NIC five times, what will happen? 
Does the open fail, or do all of them succeed and get the same traffic in every thread? (I have tried to search for it 
in the system log but found nothing.) If Snort++ can get the same traffic in five threads, I can't understand why it 
needs five threads, since all of them are doing the same thing. If not, I think the program needs to print a warning 
message on the screen or in the log.
The second question: if I use more than one interface, as in snort --daq-dir /usr/local/lib/daq/ -i enp12s0:enp12s1 --bpf 
'not ip' -z 5, Snort++ shows that every thread gets traffic from both NICs. So if I want to use 
enp12s0 in thread 0 and enp12s1 in thread 1, what should I do?
I hope someone can help me. Thanks very much.