[Snort-users] Snort + Libpcap + FPGA card

Nathan D'Elboux nathan.delboux at gmail.com
Sun Feb 24 23:54:59 EST 2019

Hi all,

I have a Dell R740 server with a Silicom capture FPGA card in which I have
a variety of access methods available to me.

I have PF_RING or Libpcap or the Fiberblaze drivers + API available to
retrieve packets from the interface.  Using snort -i and the libpcap
interface name of "fbcard0/a00" it works fine and I can see its matching
traffic etc.

I am running the Ubuntu 16.04 operating system, so I have the config file
/etc/snort/snort.debian.conf to define the interface name.  I cannot get it
to start no matter what variation of interface I put in place in the
config.  I thought it may be a bash parsing error so I added "fbcard0\/a00"
but it doesn't change.

I am using libpcap because that way I can use the .deb installer and it's
easier to manage. I can try to use PF_RING, but that means I have to compile
snort, and it opens up a whole other workflow of compiling my own .deb packages
to maintain and is more work than just trying to get libpcap working.

Has anyone got any ideas as to how I can access this interface? Tcpdump
works on it, but the interface isn't managed under ifconfig or network
manager like others. It's a packet ring buffer, not a typical interface.
