[Oisf-users] question about command input parameter for pcap
tidy at holonetsecurity.com
tidy at holonetsecurity.com
Fri Jul 28 07:19:40 UTC 2017
Hi,
I saw the following command parameter which both are running for pcap mode, the first "-i" need input dev and the second “—pcap” can read dev from configuration.
USAGE: ./suricata [OPTIONS] [BPF FILTER]
-i <dev or ip> : run in pcap live mode
--pcap[=<dev>] : run in pcap mode, no value select interfaces from suricata.yaml
So, my question is: when I run suricata with "-pcap” and there was no mmap enabled for “-pcap” mode, are these running parameter are the same?
Thanks,
Tidy
More information about the Oisf-users
mailing list