Feeding Snort Packets with Libpcap

To get packets into the preprocessors and then into the main detection engine, some prior work must take place. Snort has no native packet capture facility; it relies on an external packet capture library, libpcap. Libpcap was chosen because of its platform independence: it runs on every popular combination of hardware and operating system, and there is even a Win32 port, WinPcap. Because Snort uses libpcap to grab packets off the wire, it inherits libpcap's portability and can be installed almost anywhere. Using libpcap is what makes Snort a truly platform-independent application.

The responsibility for grabbing packets directly from the network interface card belongs to libpcap. It makes the ...
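The hand-off the text describes, as an added example that is not code from the book or from the Snort project: libpcap delivers each captured frame to a callback registered with pcap_loop(), passing a struct pcap_pkthdr (timestamp, bytes captured, bytes on the wire) and a pointer to the raw bytes; Snort's callback then passes the packet to its decoder and on to the preprocessors and detection engine. So that this runs without libpcap installed, the program below parses the pcap savefile format by hand (the same format Snort reads with -r) and dispatches each record through a callback with the same shape as libpcap's; struct pkthdr, dispatch_pcap_buffer, classify_packet and the two-packet sample capture are all constructed for this example and are not libpcap or Snort identifiers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirror of the per-packet header libpcap hands to a capture callback
 * (struct pcap_pkthdr): timestamp, bytes captured, bytes on the wire. */
struct pkthdr {
    uint32_t ts_sec, ts_usec;
    uint32_t caplen;   /* bytes actually captured (never more than snaplen) */
    uint32_t len;      /* original length of the frame on the wire */
};

/* Same callback shape as the pcap_handler that pcap_loop() invokes. */
typedef void (*packet_handler)(void *user, const struct pkthdr *h, const uint8_t *bytes);

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

#define PCAP_MAGIC_LE 0xa1b2c3d4u   /* savefile magic, little-endian byte order */
#define PCAP_FILE_HDR 24            /* magic, version, thiszone, sigfigs, snaplen, linktype */
#define PCAP_REC_HDR  16            /* ts_sec, ts_usec, caplen, len */

/* Walk a little-endian pcap savefile held in memory and hand every record to
 * handler, as pcap_loop() does for a live interface or pcap_open_offline().
 * Returns the number of packets dispatched, or -1 on a malformed file. */
int dispatch_pcap_buffer(const uint8_t *buf, size_t n, packet_handler handler, void *user) {
    if (n < PCAP_FILE_HDR || rd32le(buf) != PCAP_MAGIC_LE) return -1;
    uint32_t snaplen = rd32le(buf + 16);
    size_t off = PCAP_FILE_HDR;
    int count = 0;
    while (off < n) {
        if (n - off < PCAP_REC_HDR) return -1;          /* truncated record header */
        struct pkthdr h;
        h.ts_sec  = rd32le(buf + off);
        h.ts_usec = rd32le(buf + off + 4);
        h.caplen  = rd32le(buf + off + 8);
        h.len     = rd32le(buf + off + 12);
        off += PCAP_REC_HDR;
        /* caplen is attacker-controlled in a hostile capture file: bound it by the
         * snaplen, the bytes remaining and the wire length before the callback reads it. */
        if (h.caplen > snaplen || h.caplen > n - off || h.caplen > h.len) return -1;
        handler(user, &h, buf + off);
        off += h.caplen;
        count++;
    }
    return count;
}

/* Stand-in for the decoder stage that follows capture: classify IPv4 frames by protocol. */
struct proto_stats { int packets, ipv4, tcp, udp, other; unsigned long bytes; };

static void classify_packet(void *user, const struct pkthdr *h, const uint8_t *pkt) {
    struct proto_stats *st = user;
    st->packets++;
    st->bytes += h->len;
    /* 14-byte Ethernet header; EtherType 0x0800 is IPv4; IP protocol is byte 9 of the IP header. */
    if (h->caplen < 14 + 20 || pkt[12] != 0x08 || pkt[13] != 0x00) { st->other++; return; }
    st->ipv4++;
    uint8_t proto = pkt[14 + 9];
    if (proto == 6) st->tcp++; else if (proto == 17) st->udp++; else st->other++;
}

/* Constructed sample: a two-record Ethernet pcap built in memory. Packet 1 is
 * IPv4/UDP; packet 2 is IPv4/TCP whose 60-byte frame was cut to 34 bytes by the snaplen. */
static size_t build_sample_pcap(uint8_t *out) {
    static const uint8_t file_hdr[PCAP_FILE_HDR] = {
        0xd4,0xc3,0xb2,0xa1, 0x02,0x00, 0x04,0x00, 0,0,0,0, 0,0,0,0,
        0xff,0xff,0x00,0x00,            /* snaplen 65535 */
        0x01,0x00,0x00,0x00 };          /* linktype 1 = Ethernet */
    memcpy(out, file_hdr, PCAP_FILE_HDR);
    size_t off = PCAP_FILE_HDR;
    const uint8_t protos[2] = { 17, 6 };
    const uint32_t wirelen[2] = { 34, 60 };
    for (int i = 0; i < 2; i++) {
        uint8_t rec[PCAP_REC_HDR] = {0};
        rec[8] = 34;                        /* caplen: Ethernet + minimal IPv4 header */
        rec[12] = (uint8_t)wirelen[i];      /* original length on the wire */
        memcpy(out + off, rec, PCAP_REC_HDR); off += PCAP_REC_HDR;
        uint8_t pkt[34] = {0};
        pkt[12] = 0x08; pkt[13] = 0x00;     /* EtherType IPv4 */
        pkt[14] = 0x45;                     /* version 4, IHL 5 */
        pkt[14 + 9] = protos[i];
        memcpy(out + off, pkt, 34); off += 34;
    }
    return off;
}

/* Feed the sample through the capture loop and return what the decoder stage saw. */
struct proto_stats run_sample(void) {
    uint8_t buf[256];
    size_t n = build_sample_pcap(buf);
    struct proto_stats st = {0};
    if (dispatch_pcap_buffer(buf, n, classify_packet, &st) < 0) st.packets = -1;
    return st;
}

/* A truncated file and a record whose caplen exceeds its len must both be rejected. */
int malformed_rejected(void) {
    uint8_t buf[256];
    size_t n = build_sample_pcap(buf);
    struct proto_stats st = {0};
    int truncated = dispatch_pcap_buffer(buf, 30, classify_packet, &st);
    buf[PCAP_FILE_HDR + 8] = 0xff;  /* first record's caplen becomes 255 */
    int oversized = dispatch_pcap_buffer(buf, n, classify_packet, &st);
    return truncated == -1 && oversized == -1;
}

int main(void) {
    struct proto_stats st = run_sample();
    printf("packets=%d ipv4=%d tcp=%d udp=%d other=%d wire_bytes=%lu malformed_rejected=%d\n",
           st.packets, st.ipv4, st.tcp, st.udp, st.other, st.bytes, malformed_rejected());
    return 0;
}
```

With real libpcap the loop above is replaced by pcap_open_live() or pcap_open_offline() plus pcap_loop(), and the callback receives a u_char user pointer, a const struct pcap_pkthdr and the frame bytes; the caplen-versus-len distinction is what lets a detection engine know when it is looking at a frame the snaplen cut short.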
