[Oisf-users] Out of band 10Gb Suricata
Chris Wakelin
cwakelin at emergingthreats.net
Wed Oct 14 21:38:16 UTC 2015
Also it seems you're using virtual NICs ("vmxnet3")?
Depending on which interface type you use and whether it supports
AFPacket, you might need something like PF_RING ZC
(http://www.ntop.org/products/packet-capture/pf_ring/pf_ring-zc-zero-copy/).
Best Wishes,
Chris
On 14/10/15 22:28, Cooper F. Nelson wrote:
> Sorry I should have checked that. Yeah, pcap mode isn't going to work
> for 10Gbs. Try worker mode and this guide:
>
> https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/
>
> -Coop
>
> On 10/14/2015 1:08 PM, Duane Howard wrote:
>> RxPcapeth71
>
>> Looks like you're running in pcap runmode? Have you tried using AFPacket
>> or something other than pcap?
>
>> ./d
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
>
More information about the Oisf-users
mailing list