[Oisf-users] "Professional" capture card

eileen donlon emdonlo at gmail.com
Fri Apr 27 15:40:10 UTC 2012


Hi,

For Myricom cards that support the myri-snf driver, the Myricom Sniffer 10G
software provides a libpcap wrapper to their native snf API, so no code
changes are needed for libpcap applications (
http://www.myricom.com/scs/SNF/doc/).

To use myri-snf with Suricata you just need to recompile with

./configure --with-libpcap=/opt/snf

The number of rings is configurable through an environment variable
SNF_NUM_RINGS.

So if SNF_NUM_RINGS is set to 2, invoke suricata with:
suricata -c suricata.yaml -i myri0 -i myri0

Regards,
Eileen

On Fri, Apr 27, 2012 at 9:43 AM, Martin Holste <mcholste at gmail.com> wrote:

> We have used a DAG card, but unless you're monitoring more than 1
> Gb/sec, PF_RING should be able to take care of any kernel issues on
> pretty much any hardware.  We monitor 800 Mb/sec and on both DAG and
> PF_RING, the bottleneck is most definitely the CPUs performing
> pattern matching.
>
> On Fri, Apr 27, 2012 at 6:44 AM, Rich Rumble <richrumble at gmail.com> wrote:
> > On Fri, Apr 27, 2012 at 6:55 AM, Travel Factory S.r.l. <mc8647 at mclink.it> wrote:
> >>
> >> Good morning,
> >> I read that there are some LAN cards that are engineered to avoid
> >> packet loss.
> >>
> >> Are they really usable with Suricata?
> >>
> >> Anyone using them?
> >>
> > DAG Endace cards have long been used for Snort, and Suricata also has
> > support for them:
> > http://www.endace.com/endace-dag-high-speed-packet-capture-cards.html
> > as well as
> > Napatech too:
> > http://www.napatech.com/products/capture_adapters/1x40g_pcie_nt40e2-1_capture.html
> > Myricom
> > http://www.myricom.com/products/network-adapters/10g-pcie2-8c2-2s-sync.html
> > Suricata also supports PFRING: http://www.ntop.org/products/pf_ring/
> > which improves capture speed in *nix OSes.
> >
> > This time I reply to the list...
> > -rich
> > _______________________________________________
> > Oisf-users mailing list
> > Oisf-users at openinfosecfoundation.org
> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users