Date: Thu, 26 Apr 2001 10:07:29 +0100 From: Rasputin <rara.rasputin@virgin.net> To: dotslash <dotslash@linif.org> Cc: questions@freebsd.org Subject: Re: a bit of libpcap explanation Message-ID: <20010426100729.I28408@dogma.freebsd-uk.eu.org> In-Reply-To: <00fa01c0ce2c$d51a7e20$2903010a@atg.altayer.com>; from dotslash@linif.org on Thu, Apr 26, 2001 at 12:41:56PM %2B0400 References: <00fa01c0ce2c$d51a7e20$2903010a@atg.altayer.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* dotslash <dotslash@linif.org> [010426 09:44]: > basically i just want to find out if setting up a firewall (ipfilter) on the > same system as where a NIDS is installed would affect the job of the NIDS. > i'm using snort for my NIDS. IPF grabs packets before they hit the kernel TCP stack, so my guess would be that the NIDs won't see blocked packets if it lives in the stack. If it peeks at the buffer on the network card, it will see the traffic Anyone knowe which tcpdump does? -- Speak softly and carry a +6 two-handed sword. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010426100729.I28408>