[Oisf-users] "Professional" capture card
Martin Holste
mcholste at gmail.com
Fri Apr 27 13:43:26 UTC 2012
We have used a DAG card, but unless you're monitoring more than 1
Gb/sec, PF_RING should be able to take care of any kernel issues on
pretty much any hardware. We monitor 800 Mb/sec and on both DAG and
PF_RING, the bottleneck is most definitely the CPU's performing
pattern matching.
On Fri, Apr 27, 2012 at 6:44 AM, Rich Rumble <richrumble at gmail.com> wrote:
> On Fri, Apr 27, 2012 at 6:55 AM, Travel Factory S.r.l. <mc8647 at mclink.it> wrote:
>>
>> Good morning,
>> I read that there are some lan cards that are engineered to avoid
>> packet loss.
>>
>> Are they really usable with suricata ?
>>
>> Anyone using them ?
>>
> DAG Endace cards have long been used for Snort, and Suricata also has
> support for them:
> http://www.endace.com/endace-dag-high-speed-packet-capture-cards.html
> as well as
> Napatech to: http://www.napatech.com/products/capture_adapters/1x40g_pcie_nt40e2-1_capture.html
> Myricom http://www.myricom.com/products/network-adapters/10g-pcie2-8c2-2s-sync.html
> Suricata also supports PFRING: http://www.ntop.org/products/pf_ring/
> which improves capture speed in *nix os's.
>
> This time I reply to the list...
> -rich
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
More information about the Oisf-users
mailing list