[Oisf-users] Out of band 10Gb Suricata

Duane Howard duane.security at gmail.com
Wed Oct 14 20:08:13 UTC 2015


RxPcapeth71

Looks like you're running in pcap runmode? Have you tried using AFPacket or
something other than pcap?

./d

On Wed, Oct 14, 2015 at 11:43 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Never tried and probably won't work that great because of I/O issues.
> But I really can't say either way.
>
> Another thing to try is using bpf filters, or filters on your tap, to
> only monitor certain flows.  See this article for example:
>
> >
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ignoring_Traffic
>
> You can invert this example and try just monitoring a single network or
> host via bpf filters and then expand that until you figure out what your
> capacity is.
>
> On 10/14/2015 11:34 AM, Brian Hennigar wrote:
> > Hey Cooper,
> > I turned off the rules and still seeing the same amount of drops.
> > What is your experience with CUDA?  Instead of upgrading the CPUs, would
> > a GPU be the easier/cheaper option to get the required performance?  I
> > know I'll need to find one that is supported by ESXi for the passthrough.
>
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
>
> iQEcBAEBAgAGBQJWHqJZAAoJEKIFRYQsa8FWvjEH/iF4ZFzpe7eXoAd03E5z8p4M
> Q+0x2Mor+zi5BNLetemPB38ci9NzZ6bg4VHI5RQNcIOIun7sDnLMEUHOzHjL3NU3
> R42d0l6G+nXBL/BbNTinXfSUabp06ZN8phzU/laUJSDHXRjkSlXYjbXWxK62dit5
> b/f8c0wYQ5BKuujDY6dISvSnik95z76d0SMmKSgLBAEKd34NNdVEdMM2qCjL/G5x
> NfLQ7H0Uc39uEOTD5/1AT9Dpoaq3GZWkEmrqfSZp6A9I5WmkpjGE4EMHyXj7r5mp
> kms69Iw6ua2dHWzt5KFdIDS0XK2wbiTjgLFOP9KJ5NuyKm4Jrcav/DanszljSYM=
> =HIVS
> -----END PGP SIGNATURE-----
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20151014/cb9a3165/attachment-0002.html>


More information about the Oisf-users mailing list