Date: Thu, 26 Apr 2001 10:07:29 +0100
From: Rasputin
To: dotslash
Cc: questions@freebsd.org
Subject: Re: a bit of libpcap explanation

* dotslash [010426 09:44]:
> basically i just want to find out if setting up a firewall (ipfilter) on the
> same system as where a NIDS is installed would affect the job of the NIDS.
> i'm using snort for my NIDS.

IPF grabs packets before they hit the kernel TCP stack, so my guess would be
that the NIDS won't see blocked packets if it lives in the stack.
If it peeks at the buffer on the network card, it will see the traffic.

Anyone know which tcpdump does?

--
Speak softly and carry a +6 two-handed sword.
Rasputin :: Jack of All Trades - Master of Nuns ::