[Bro] Using other libpcaps and bro-0.9
Stephen J Smoogen
smoogen at lanl.gov
Fri Mar 18 12:55:55 PST 2005
Jason Lee (DSD staff) wrote:
> It should be fairly straightforward to use other libpcaps
> with bro. There is an option to configure (--disable-localpcap)
> that will disable including the pcap distributed with bro, and
> instead will search for a libpcap on the system. I believe that
> bro will first look for a libpcap directory at the same level
> as the bro directory, and if it doesn't find one at that level
> it looks for one installed on the system.
> There was a bug in the --disable-localpcap, and I'm not sure if
> the fix is in the last release. Let me know if you have any problems,
> the patch is only a couple of lines.
> Hope this helps.
Thanks, it does help. I think that I don't have the patch.. it seems to be
looking for stuff in the pcap directory.. but I haven't looked at it too
deeply so I could be off still.
> Stephen J Smoogen wrote:
>> Hi, I have just started with bro to evaluate it against the other tools
>> we have. The first question I have is about using different libpcaps.
>> We have our own fork of libpcap here (Phil Woods code) and I am
>> needing to use it as a comparison with our snort and other tools. How
>> hard is it to compile bro with another version of libpcap :)?
Stephen John Smoogen | CCN-5 Security Team
LANL SIRT Team Lead | SMTP: smoogen at lanl.gov
Los Alamos National Laboratory | Voice: 505.664.0645
Ta-03 SM-1498 MS: B255 DP 10S | FAX: 505.665.7793
Los Alamos, NM 87545 | PGR: 505.664.1535