Snort or Hogwash?


Kinstonian
03-28-2002, 11:25 AM
What's the difference? Is Hogwash just a ripoff of Snort?

SKoL
04-03-2002, 03:07 AM
It's a light version basically. It's not bad, but I've always used Snort, so why switch... It's still interesting though.

From the FAQ:

"Hogwash is a packet scrubber (sometimes called a signature based firewall) based on Snort (www.snort.org). It is designed to live inline with the network feed and drop malicious packets.
Hogwash is built on top of layer 2 and is designed to be invisible. It runs without an IP stack loaded. I run Hogwash on a Linux box without IP support compiled into the kernel.

The rules language should be familiar to anyone who has run Snort in the past.

Hogwash is lightweight. It is designed to run on old hardware and embedded systems. I'm currently trying to get some PC-104 hardware to run it on. It scales nicely up to 100mbs so it can be plugged into a large pipe, and it is lightweight enough to plug in front of a single machine with special needs."

[ 03 April 2002: Message edited by: SKoL ]

STORMPROOF
02-26-2003, 09:25 PM
Might be asking too much, however could you give me some tips and instructions on how to get Hogwash going at the minimum with Red Hat 7.3 or whatever works? I have Snort and ACID running on one of my boxes now. Snort is pretty good, however I am still learning how to fine-tune it. Very noisy and alerts a lot of false positives...