Thursday, September 1, 2011

Daemonlogger

This is a libpcap-based program. It has two runtime modes:

1) It sniffs packets and spools them straight to disk, and it can daemonize itself for background packet logging. By default, the file rolls over when 1 GB of data is logged.

2) It sniffs packets and rewrites them to a second interface, essentially acting as a soft tap. It can also do this in daemon mode.

These two runtime modes are mutually exclusive: if the program is placed in tap mode (using the -I switch), logging to disk is disabled.
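The size-based rollover of the disk-logging mode, shown as an added example in Python (this is not Daemonlogger's own code, which is C on libpcap). The class name `RollingPcapWriter`, the `open_file` callback, the 200-byte threshold and the dummy frames are assumptions made for the illustration; the point is that each rolled file gets its own pcap global header and no packet record is split across two files.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4                  # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, major, minor, zone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len


class RollingPcapWriter:
    """Spool packets to successive pcap files, rolling over at max_bytes."""

    def __init__(self, open_file, max_bytes, snaplen=65535):
        self.open_file = open_file       # hypothetical callback: index -> binary file
        self.max_bytes = max_bytes
        self.snaplen = snaplen
        self.index = -1
        self.out = None
        self._roll()

    def _roll(self):
        if self.out is not None:
            self.out.flush()
        self.index += 1
        self.out = self.open_file(self.index)
        # Every rolled file must be a valid capture on its own.
        self.out.write(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0,
                                       self.snaplen, LINKTYPE_ETHERNET))
        self.written = GLOBAL_HDR.size

    def write_packet(self, ts_sec, ts_usec, frame):
        data = frame[:self.snaplen]
        need = RECORD_HDR.size + len(data)
        # Roll before writing so a record never straddles two files;
        # an oversized packet still goes into an otherwise empty file.
        if self.written + need > self.max_bytes and self.written > GLOBAL_HDR.size:
            self._roll()
        self.out.write(RECORD_HDR.pack(ts_sec, ts_usec, len(data), len(frame)))
        self.out.write(data)
        self.written += need


def demo():
    """Write five constructed 60-byte frames with a 200-byte rollover limit."""
    files = {}
    def open_file(i):
        files[i] = io.BytesIO()          # in-memory stand-in for a file on disk
        return files[i]
    writer = RollingPcapWriter(open_file, max_bytes=200)
    for n in range(5):
        writer.write_packet(1314835200 + n, 0, bytes(60))   # constructed sample data
    return [files[i].getvalue() for i in sorted(files)]
```

With a real capture the threshold would be on the order of the 1 GB default described above, and `open_file` would open a new file on disk for each index.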

http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html