Im am running snort on a pretty fast network. I am using the special version of libpcap which uses mmap.
I am currently able to keep up with my network traffic. I have developed my own program now that does packet analysis and it uses libpcap as well to capture packets. Im just wondering what additional overhead this will cause. Obviously both snort and my program will use more cpu cycles the faster the network traffic is going but is there any additonal overhead with have 2 different process callling the libpcap library? Or will there be some impact on snort (other than cpu cycles being used by the additional program) that I am not aware of?