Re: your mail (linux mmap mode libpcap)

[Phil Wood <cpw () lanl gov>]

On Wed, Dec 29, 2004 at 12:46:45AM +0000, Basselgia, Barry A Mr (NAF Atsugi) wrote:
> I've downloaded and installed libpcap with mmap mode on my snort box.
>
> I've added PCAP_FRAMES=max to my environment.

In addition, use PCAP_VERBOSE=1 and look for a line with 'MMAP' in it on STDERR.

Use libpcap (libpcap-1.0.20041001.tar.gz) and you can set PCAP_FRAMES=65536
on linux kernels > 2.4.25.  See Linux Kernel documentation:

  /usr/local/src/linux-2.4.26/Documentation/networking/packet_mmap.txt

> When I run TCPDUMP it says it's running in MMAP mode.
>
> But, nothing has changed in the startup message for snort.  Is there a way
> to verify that snort/libpcap is using mmap mode?
>
> Barry
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now. 
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood (cpw_at-sign_lanl.gov)


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users