[Oisf-users] question about command input parameter for pcap

[Andreas Herz]

On 28/07/17 at 15:19, tidy at holonetsecurity.com wrote:
> 	-i <dev or ip>                       : run in pcap live mode

This might be confusing, since for example on a linux system you will
run with AF_PACKET runmode by default and not PCAP. You might want to
take a look at the --list-runmodes option or read about the different
run modes in our documentation to get a better view for that:

http://suricata.readthedocs.io/en/latest/performance/runmodes.html

-- 
Andreas Herz