[Snort-devel] [PATCH 1/1]: DAQ pcaprr module

Russ Combs rcombs at ...402...
Fri Apr 29 10:52:57 EDT 2011


Thanks!

On Fri, Apr 29, 2011 at 10:41 AM, Jeff Murphy <jeff.murphy at ...2499...> wrote:

> Attached. Here's a suggested blurb (based on the Napatech blurb), feel free
> to edit.
>
>
> PCAPRR External DAQ
>
> PCAPRR can be used to read from multiple network interfaces in cases where
> those interfaces cannot be bonded together (e.g. when using Endace
> cards). Building this requires the libpcap library. This is *NOT* a Sourcefire
> used or produced module, and support questions should be directed to Jeff
> Murphy <jcmurphy at ...3179...>.
>
>
>
> On Apr 29, 2011, at 10:03 AM, Russ Combs wrote:
>
> Thanks for contributing.  Please follow the guidelines here:
>
> http://www.snort.org/snort-downloads/external-daq/
>
> Then send us a tarball and we'll add it to the above page.
>
> Russ
>
> On Fri, Apr 29, 2011 at 9:33 AM, Jeff Murphy <jeff.murphy at ...2499...> wrote:
>
>>
>>
>> We use Endace DAG cards in our sensors along with regen taps. Those cards
>> don't work with the bonding driver, so merging the two streams from a regen
>> tap isn't possible (unless we use a different tap or fix the drivers to work
>> together). The attached patch creates a new module in the os-daq-modules
>> directory called "pcaprr.c". This module will open multiple devices and then
>> make round-robin reads from the device list (much like the bonding driver
>> would if it worked with the DAG driver).  Modifications made against DAQ 0.5
>> code.
>>
>>
>> Example use:
>>
>>
>> /usr/sbin/snort --daq-dir=/usr/lib64/daq --daq pcaprr -i dag0:4,dag1:4
>>
>>
>> I've been running this DAQ code for ~3 weeks now.
>>
>>
>> jeff
>>
>> ------------------------------------------------------------------------------
>> WhatsUp Gold - Download Free Network Management Software
>> The most intuitive, comprehensive, and cost-effective network
>> management toolset available today.  Delivers lowest initial
>> acquisition cost and overall TCO of any competing solution.
>> http://p.sf.net/sfu/whatsupgold-sd
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110429/67fe0389/attachment.html>
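The round-robin read order described in the thread, as an added sketch that is not the pcaprr.c from the attached patch: in-memory queues of constructed packet ids stand in for libpcap handles, and `rr_parse`, `rr_next` and both structs are hypothetical names. Splitting the `-i` value on commas is an assumption drawn from the `dag0:4,dag1:4` usage line. It shows that a burst on one device does not starve the other, so the sensor keeps seeing both legs of the tap.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEVS 8
#define NAME_LEN 32

/* One capture source; the array stands in for a pcap handle (constructed). */
struct source { char name[NAME_LEN]; const int *pkts; int count, next; };
struct rr_ctx { struct source dev[MAX_DEVS]; int ndev, cursor; };

/* Split "dag0:4,dag1:4" on commas; returns device count or -1 on bad input. */
int rr_parse(struct rr_ctx *c, const char *spec) {
    memset(c, 0, sizeof(*c));
    while (*spec) {
        size_t len = strcspn(spec, ",");
        if (len == 0 || len >= NAME_LEN || c->ndev == MAX_DEVS)
            return -1;                 /* empty entry, long name, too many */
        memcpy(c->dev[c->ndev++].name, spec, len);
        spec += len;
        if (*spec == ',' && *++spec == '\0')
            return -1;                 /* trailing comma */
    }
    return c->ndev ? c->ndev : -1;
}

/* Next packet id, or -1 once every device is drained. */
int rr_next(struct rr_ctx *c, const char **from) {
    for (int tried = 0; tried < c->ndev; tried++) {
        int i = (c->cursor + tried) % c->ndev;
        struct source *s = &c->dev[i];
        if (s->next < s->count) {
            c->cursor = (i + 1) % c->ndev;  /* start after it next time */
            *from = s->name;
            return s->pkts[s->next++];
        }
    }
    return -1;
}

int main(void) {
    static const int burst[] = {1, 2, 3, 4}, quiet[] = {100}; /* constructed */
    struct rr_ctx c; const char *from; int id;
    if (rr_parse(&c, "dag0:4,dag1:4") != 2) return 1;
    c.dev[0].pkts = burst; c.dev[0].count = 4;
    c.dev[1].pkts = quiet; c.dev[1].count = 1;
    while ((id = rr_next(&c, &from)) != -1)
        printf("%s -> packet %d\n", from, id);
    return 0;
}
```

A real module would replace the queue check with a non-blocking read on each handle, which is where a device that never returns can stall the whole rotation.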