[Oisf-users] af_packet vs pfring

Peter Bates peter.bates at ucl.ac.uk
Mon Jul 29 08:18:29 UTC 2013


Hello all

On 28/07/2013 12:22, Chris Wakelin wrote:
> We're using PF_RING + DNA + libzero and running Suricata + Bro + Argus.
> I had a look at AF_PACKET a few months ago, but couldn't get it to work
> without dropping packets. I also was under the impression it wouldn't
> allow multiple applications to see the traffic, but from what Cooper
> just said, it seems I was wrong!

With new versions of Suricata popping up, I'm contemplating revisiting
the software - last time I checked with AF_PACKET I saw packet loss,
but testing Suricata with PF_RING last week I saw packet loss as well.

I'm using PF_RING to run multiple instances of Snort (and some other 
applications) and it would be nice to unify everything together and make
the big switch.

What version of Suricata are people mostly running - 1.4.x production,
the version from Git, etc.? 

-- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division	      Internal Ext: 32049
University College London
London WC1E 6BT



