<div class="gmail_extra">Hi,<br><br>For Myricom cards that support the myri-snf driver, the Myricom Sniffer 10G software provides a libpcap wrapper to their native snf API, so no code changes are needed for libpcap applications (<a href="http://www.myricom.com/scs/SNF/doc/">http://www.myricom.com/scs/SNF/doc/</a>).<br>
<br>To use myri-snf with Suricata you just need to recompile with <br><br>./configure --with-libpcap=/opt/snf<br><br>The number of rings is configurable through an environment variable SNF_NUM_RINGS.<br><br>So if SNF_NUM_RINGS is set to 2, invoke suricata with:<br>
suricata -c suricata.yaml -i myri0 -i myri0<br><br>Regards,<br>Eileen<br><br><div class="gmail_quote">On Fri, Apr 27, 2012 at 9:43 AM, Martin Holste <span dir="ltr">&lt;<a href="mailto:mcholste@gmail.com" target="_blank">mcholste@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">We have used a DAG card, but unless you're monitoring more than 1<br>
Gb/sec, PF_RING should be able to take care of any kernel issues on<br>
pretty much any hardware.  We monitor 800 Mb/sec and on both DAG and<br>
PF_RING, the bottleneck is most definitely the CPUs performing<br>
pattern matching.<br>
<div class="HOEnZb"><div class="h5"><br>
On Fri, Apr 27, 2012 at 6:44 AM, Rich Rumble &lt;<a href="mailto:richrumble@gmail.com">richrumble@gmail.com</a>&gt; wrote:<br>
> On Fri, Apr 27, 2012 at 6:55 AM, Travel Factory S.r.l. &lt;<a href="mailto:mc8647@mclink.it">mc8647@mclink.it</a>&gt; wrote:<br>
>><br>
>> Good morning,<br>
>> I read that there are some LAN cards that are engineered to avoid<br>
>> packet loss.<br>
>><br>
>> Are they really usable with Suricata?<br>
>><br>
>> Anyone using them?<br>
>><br>
> DAG Endace cards have long been used for Snort, and Suricata also has<br>
> support for them:<br>
> <a href="http://www.endace.com/endace-dag-high-speed-packet-capture-cards.html" target="_blank">http://www.endace.com/endace-dag-high-speed-packet-capture-cards.html</a><br>
> as well as<br>
> Napatech too: <a href="http://www.napatech.com/products/capture_adapters/1x40g_pcie_nt40e2-1_capture.html" target="_blank">http://www.napatech.com/products/capture_adapters/1x40g_pcie_nt40e2-1_capture.html</a><br>
> Myricom <a href="http://www.myricom.com/products/network-adapters/10g-pcie2-8c2-2s-sync.html" target="_blank">http://www.myricom.com/products/network-adapters/10g-pcie2-8c2-2s-sync.html</a><br>
> Suricata also supports PFRING: <a href="http://www.ntop.org/products/pf_ring/" target="_blank">http://www.ntop.org/products/pf_ring/</a><br>
> which improves capture speed in *nix OSes.<br>
><br>
> This time I reply to the list...<br>
> -rich<br>
> _______________________________________________<br>
> Oisf-users mailing list<br>
> <a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
> <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
</div></div></blockquote></div><br></div>