|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [snort] snort uses obsolete (PF_INET,SOCK_PACKET)
From: CyberPsychotic (fygrave
epr0.org)Date: Sat Mar 04 2000 - 15:52:52 CST
- Next message: CyberPsychotic: "Re: [snort] Anybody got a clue"
- Previous message: CyberPsychotic: "Re: [snort] Beta 10.2 (w' Tru64 support) ready [CVS & WWW]"
- In reply to: CyberPsychotic: "Re: [snort] snort uses obsolete (PF_INET,SOCK_PACKET)"
- Reply: CyberPsychotic: "Re: [snort] snort uses obsolete (PF_INET,SOCK_PACKET)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
~ :worth to give it again, he has added some cool feature to libpcap:
~ :devicename called `any'. (which would let you to monitor all devices on
~ :linux). It should work flawlessly with snort too, if the datalink is the
~ :same on all of them. :)
lame to respond to my own messages :),anyway ..., with device `any'
datalink type is always DLT_RAW. I've made some minor fixes so all non-IP
datagrams would be ignored here (since there's no way to recognize type of
a datagram, and ARP datagrams printed as IP look confusing :-)). Changes
are in CVS.
-Fyodor
- Next message: CyberPsychotic: "Re: [snort] Anybody got a clue"
- Previous message: CyberPsychotic: "Re: [snort] Beta 10.2 (w' Tru64 support) ready [CVS & WWW]"
- In reply to: CyberPsychotic: "Re: [snort] snort uses obsolete (PF_INET,SOCK_PACKET)"
- Reply: CyberPsychotic: "Re: [snort] snort uses obsolete (PF_INET,SOCK_PACKET)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]