[Snort-users] snort and TNAPI

Jason Wallace jason.r.wallace at ...11827...
Wed May 20 16:15:34 EDT 2009

I used PF_Ring (without TNAPI) with snort about 2 years ago. I did
some testing comparing it to Phil Wood's libpcap and regular libpcap.
I wasn't impressed with the capture performance of PF_Ring (on x86).
It is really good at capturing very small packets (better than the
other two libpcaps), so it is great for things like ntop. Most of the
stats you see listed on the site are for 64 byte packets. With snort
the snap length is pretty high (at least for me) > 512 bytes.
Supposedly it works better on amd64 systems. I have not used


On Wed, May 20, 2009 at 2:20 PM, Ritter, Nicholas
<Nicholas.Ritter at ...14550...> wrote:
> Has anyone started using snort with pf_ring/TNAPI, or have any opinion on
> the subject?
> TNAPI info: http://www.ntop.org/TNAPI.html
> Nick
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables
> unlimited royalty-free distribution of the report engine
> for externally facing server and web deployment.
> http://p.sf.net/sfu/businessobjects
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list