[Snort-users] PF_Ring and ntop

Miller, Mike Mike.J.Miller at ...16867...
Thu Jun 19 14:48:12 EDT 2014


I'm muddling through the documentation for PF_Ring and am making some headway, but am wondering about how things work these days. I've got HP DL380G8 servers with Intel NICs and I'm pretty sure I've got PF_Ring compiled and loaded correctly. TCPdump in the userland tree works better than the TCPdump in the search path, and zcount in the examples_zc folder works.

 

I know there are different levels of performance improvement to be had in using PF_Ring, PF_Ring DAQ, libzero and PF_Ring ZC, I'm just not sure what's available without purchasing the license from the ntop folks (which I'd like to do, but my purse strings have been cut).

 

What I really need is the ability to use the ring buffer features to run multiple snort threads. A single snort instance is easily capping out a single thread, but the 1G NIC is only running around 25% utilization (and snort's using 7400 rules).

 

 

PLEASE NOTE EMAIL, ADDRESS  THERE ARE MULTIPLE MIKE MILLERS AT IHS!

ihs.com <http://www.ihs.com/> 


Mike J. Miller 
Principal Engineer 
Computer Security Incident Response Team 
15 Inverness Way East | Englewood, Co 80112 
Phone: 303-858-6927 | Mobile: 720-326-1542 
mike.j.miller at ...16867... <mailto:mike.j.miller at ...16867...>  
