[Bro] Using other libpcaps and bro-0.9
Jason Lee (DSD staff)
jrlee at lbl.gov
Fri Mar 18 12:54:31 PST 2005
It should be fairly straight forward to use other libpcaps
with bro. There is an option to configure (--disable-localpcap)
the will disable including the pcap distributed with bro, and
instead will search for a libpcap on the system. I believe that
bro will first look for a libpcap directory at the same level
as the bro directory, and if it doesn't find one at that level
it looks for one installed on the system.
There was a bug in the --disable-localpcap, and I'm not sure if
the fix is the last release. Let me know if you have any problems,
the patch is only a couple of lines.
Hope this helps.
Stephen J Smoogen wrote:
> Hi I am just started with bro to evaluate it against the other tools we
> have. The first question I have is about using different libpcaps. We
> have our own fork of libpcap here (Phil Woods code) and I am needing to
> use it as a comparison with our snort and other tools. How hard is it to
> compile bro with another version of libpcap :)?
More information about the Bro