[Snort-devel] [PATCH 1/1]: DAQ pcaprr module

Joel Esler jesler at ...402...
Fri Apr 29 11:15:51 EDT 2011


I just put it up on Snort.org as well as put it on the Snort blog at http://blog.snort.org

Thanks Jeff, great work!

Joel

On Apr 29, 2011, at 10:52 AM, Russ Combs wrote:

> Thanks!
> 
> On Fri, Apr 29, 2011 at 10:41 AM, Jeff Murphy <jeff.murphy at ...2499...> wrote:
> Attached. Here's a suggested blurb (based on the Napatech blurb), feel free to edit 
> 
> 
> PCAPRR External DAQ
> PCAPRR can be used to read from multiple network interfaces in cases where those interfaces cannot be bonded together (e.g. when using Endace cards). Building this requires the libpcap library. This is NOT a Sourcefire used or produced module, and support questions should be directed to Jeff Murphy.
> 
> 
> 
> 
> On Apr 29, 2011, at 10:03 AM, Russ Combs wrote:
> 
>> Thanks for contributing.  Please follow the guidelines here:
>> 
>> http://www.snort.org/snort-downloads/external-daq/
>> 
>> Then send us a tarball and we'll add it to the above page.
>> 
>> Russ
>> 
>> On Fri, Apr 29, 2011 at 9:33 AM, Jeff Murphy <jeff.murphy at ...2499...> wrote:
>> 
>> 
>> We use Endace DAG cards in our sensors along with regen taps. Those cards don't work with the bonding driver, so merging the two streams from a regen tap isn't possible (unless we use a different tap or fix the drivers to work together). The attached patch creates a new module in the os-daq-modules directory called "pcaprr.c". This module will open multiple devices and then make round-robin reads from the device list (much like the bonding driver would if it worked with the DAG driver).  Modifications made against DAQ 0.5 code.
>> 
>> Example use:
>> 
>> /usr/sbin/snort --daq-dir=/usr/lib64/daq --daq pcaprr -i dag0:4,dag1:4 
>> 
>> I've been running this DAQ code for ~3 weeks now. 
>> 
>> jeff 
>>
>> ------------------------------------------------------------------------------
>> WhatsUp Gold - Download Free Network Management Software
>> The most intuitive, comprehensive, and cost-effective network
>> management toolset available today.  Delivers lowest initial
>> acquisition cost and overall TCO of any competing solution.
>> http://p.sf.net/sfu/whatsupgold-sd
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>> 
>> 
> 
> 
