[Bro] Using other libpcaps and bro-0.9

Jason Lee (DSD staff) jrlee at lbl.gov
Fri Mar 18 12:54:31 PST 2005


Stephen,

  It should be fairly straight forward to use other libpcaps
with bro. There is an option to configure (--disable-localpcap)
the will disable including the pcap distributed with bro, and
instead will search for a libpcap on the system. I believe that
bro will first look for a libpcap directory at the same level
as the bro directory, and if it doesn't find one at that level
it looks for one installed on the system.

There was a bug in the --disable-localpcap, and I'm not sure if
the fix is the last release. Let me know if you have any problems,
the patch is only a couple of lines.

Hope this helps.

Cheers,
jason


Stephen J Smoogen wrote:
> 
> Hi I am just started with bro to evaluate it against the other tools we 
> have. The first question I have is about using different libpcaps. We 
> have our own fork of libpcap here (Phil Woods code) and I am needing to 
> use it as a comparison with our snort and other tools. How hard is it to 
> compile bro with another version of libpcap :)?
> 




More information about the Bro mailing list