From: Victor J. <vi...@nk...> - 2004-09-09 06:08:47

Hi Nate,

Snort_inline needs to get its packets from the Packet Filter of the OS. For Linux/iptables this is done through the QUEUE target. As far as I know this is considerably slower than snort+pcap. But we need the underlying packetfilter to do the actual dropping for us.

For Snort_inline, I don't really know what the bottleneck is, but can you describe your setup and problems?

Regards,
Victor

On Wednesday 08 September 2004 22:07, Nathaniel Haggard wrote:
> This quote from Snort 2.0 Intrusion Detection by Brian Caswell
> published by Syngress leads me to believe that there is such a thing
> as acquisition plugins: "The Snort 2.0 architecture allows for what
> are called 'acquisition plug-ins.' These plug-ins allow a developer to
> write a specific packet-capture network card driver for a particular
> operating system (Linux), and this plug-in would provide Snort with
> packet capture at much higher speeds."
>
> I'm interested in "much higher speeds" such as 350MB+. Does anyone have
> any information on these plugins, such as where to get them or how to
> start developing such a plugin?
>
> Thanks,
> Nate