<div dir="ltr"><div dir="auto" style="word-wrap:break-word">Thank you, Tom and Michael, for your replies.<div><br></div><div>Tom would you be willing to share your modifications so I could give it a try?</div><div><br></div><div>Shawn<br><div class="m_-470326807082315790AppleOriginalContents" style="direction:ltr"><blockquote type="cite"><div>On Aug 21, 2017, at 6:18 PM, Tom DeCanio <<a href="mailto:decanio.tom@gmail.com" target="_blank">decanio.tom@gmail.com</a>> wrote:</div><br class="m_-470326807082315790Apple-interchange-newline"><div><p dir="ltr">I've got some modifications to suricata that supports netmap pipes, which don't work with the versions of code from the OISF. I haven't gotten this to Victor yet.</p><p dir="ltr">If you have issues with vale this version should work with vale as well.</p><p dir="ltr">Tom</p>
<br><div class="gmail_quote"><div dir="ltr">On Mon, Aug 21, 2017, 1:30 PM Michael Shirk <<a href="mailto:shirkdog.bsd@gmail.com" target="_blank">shirkdog.bsd@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">The assumption without any evidence or testing is that it would work fine. On FreeBSD there have been some new presentations on the use of netmap/vale to support network monitoring of this type.<div dir="auto"><br></div><div dir="auto"><br><br><div data-smartmail="gmail_signature" dir="auto">--<br>Michael Shirk<br>Daemon Security, Inc.<br><a href="https://www.daemon-security.com/" target="_blank">https://www.daemon-security.<wbr>com</a></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Aug 21, 2017 1:18 PM, "Shawn Venti" <<a href="mailto:smventi944@gmail.com" target="_blank">smventi944@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>Has anyone had experience with running a Suricata instance with Netmap mode but connected to a virtual port on a VALE switch opposed to a physical NIC?</div><div><br></div><div>Thank You</div><div><br></div><div>Shawn</div></div>
<br>______________________________<wbr>_________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@<wbr>openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org/" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-users</a><br>
<br>
Conference: <a href="https://suricon.net/" rel="noreferrer" target="_blank">https://suricon.net</a><br>
Trainings: <a href="https://suricata-ids.org/training/" rel="noreferrer" target="_blank">https://suricata-ids.org/<wbr>training/</a><br></blockquote></div></div>
______________________________<wbr>_________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@<wbr>openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org/" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-users</a><br>
<br>
Conference: <a href="https://suricon.net/" rel="noreferrer" target="_blank">https://suricon.net</a><br>
Trainings: <a href="https://suricata-ids.org/training/" rel="noreferrer" target="_blank">https://suricata-ids.org/<wbr>training/</a></blockquote></div>
</div></blockquote></div><br></div></div></div>