[Snort-users] Snort + Libpcap + FPGA card

Nathan D'Elboux nathan.delboux at gmail.com
Sun Feb 24 23:54:59 EST 2019


Hi all,

I have a Dell R740 server with a Silicom capture FPGA card, for which I have
a variety of access methods available to me.

I have PF_RING or Libpcap or the Fiberblaze drivers + API available to
retrieve packets from the interface.  Using snort -i and the libpcap
interface name of "fbcard0/a00" it works fine and I can see it's matching
traffic etc.

I am running the Ubuntu 16.04 operating system, so I have the config file
/etc/snort/snort.debian.conf to define the interface name.  I cannot get it
to start no matter what variation of interface I put in place in the
config.  I thought it may be a bash parsing error so I added "fbcard0\/a00"
but it doesn't change.

I am using libpcap because that way I can use the .deb installer and it's
easier to manage. I can try to use PF_RING but that means I have to compile
snort, and it opens up a whole other workflow of compiling my own .deb packages
to maintain and is more work than just trying to get libpcap working
initially.

Has anyone got any ideas as to how I can access this interface? Tcpdump
works on it but the interface isn't managed under ifconfig or network
manager like others. It's a packet ring buffer, not a typical interface.

Cheers,
Nathan