From: Matt Kettler (mkettler_at_evi-inc.com)
Date: Wed Dec 04 2002 - 12:52:28 CST


    Quite frankly, I've always been surprised that Snort supports Windows at
    all, but given that there is a port of pcap to windows it's not all that
    hard. Given that it's a popular platform the relatively low pain level of
    making a windows port makes it worthwhile having one.

    However, let's face it. Snort is written from the ground up as a Unix
    application. The fact that it is somewhat portable to windows facilitates
    the existence of a windows version, but that was not an original design
    criterion of Snort as far as I know. It is a nice extra for it to be usable
    on both, but I don't think Marty sat down before writing Snort and said "If
    I'm going to do this it must run on Windows too". (Note: that's an opinion,
    I'm taking a loosely educated guess and am not trying to put words into
    Marty's mouth, he can feel free to correct me if he feels the need :))

    Pcap is also a unix piece of software, which happens to have a windows
    port, but let's face it.. it also wasn't designed for Windows. It is THE
    standard for packet capture on unix platforms. Others exist, but let's face
    it, none have the same level of prevalence as pcap does.

    It would be VERY nice to improve pcap's support for SMP windows sure, but
    that's really an issue to take up with the winpcap guys, not the Snort team.

    As far as packet capture libs for Windows go... are there any out there
    besides winpcap that are free to use, much less open-source?

    If you really want a program that will take the fullest advantage of a
    Windows system, you're probably better off with a piece of software that
    was written for Windows in the first place. It's damn near impossible to
    write a program that's optimal for both Windows and Unix platforms, and one
    is always going to be a compromise. The application interfaces for advanced
    programming are just way too different to have the same code work optimally
    for both.

    At 10:52 AM 12/4/2002 +0200, Tal wrote:

    >I am working with SNORT with my win2k for a few weeks now, only realizing it
    >is not working on SMP machines with windows installments few days ago.
    >
    >I was reading a lot of good reviews of this open source and I even
    >stumbled over a comparative analysis with the other tools currently
    >available on the market.
    >
    >I must say that although the problem originates from the winpcap usage and
    >not from any SNORT specific code, this problem raises a big question mark
    >as for the validity of using SNORT for windows (random blue screens or
    >forcing the usage of only one processor are not acceptable solutions imho).
    >
    >I am not trying to criticize SNORT nor do I intend to slander it. I am
    >just stating my disbelief that a product which for many seems a standard
    >would not support SMP with windows.
    >
    >Do you guys have any plans for replacing the winpcap library? Help in
    >fixing the winpcap SMP problems? Support any other packet capturing library?
    >
    >Thank you in advance.
    >
    >Tal Beno.

    Snort-users mailing list: https://lists.sourceforge.net/lists/listinfo/snort-users