6 Data Acquisition

The Data Acquisition (DAQ) module, or layer, deals with packet I/O. Its single purpose is to facilitate the delivery and transmission of network packets to and from Snort. Historically, this functionality was tightly coupled within Snort code, and as Snort grew, there was a need to simplify and abstract it out. The DAQ feature was implemented in the Snort 2.9 release.

In this chapter, we’re going to cover the following main topics:

The functionality of the DAQ layer
The performance of the DAQ layer
Packet capture functionality in Snort
The Snort 3 implementation of the DAQ layer
Configuring DAQ

The functionality of the DAQ layer

The main functionality of the DAQ layer is to facilitate the delivery of network packets from ...

Get IDS and IPS with Snort 3 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

IDS and IPS with Snort 3 by Ashley Thomas

6

Data Acquisition

The functionality of the DAQ layer

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly