[Snort-users] Snort + Libpcap + FPGA card
nathan.delboux at gmail.com
Sun Feb 24 23:54:59 EST 2019
I have a Dell R740 server with a Silicom capture FPGA card in which I have
a variety of access methods available to me.

I have PF_RING or Libpcap or the Fiberblaze drivers + API available to
retrieve packets from the interface. Using snort -i and the libpcap
interface name of "fbcard0/a00" it works fine and I can see its matching

I am running the Ubuntu 16.04 operating system, so I have the config file
/etc/snort/snort.debian.conf to define the interface name. I cannot get it
to start no matter what variation of interface I put in place in the
config. I thought it may be a bash parsing error so I added "fbcard0\/a00"
but it doesn't change

I am using libpcap because that way I can use the .deb installer and it's
easier to manage. I can try to use PF_RING, but that means I have to compile
Snort, and that opens up a whole other workflow of compiling my own .deb
packages to maintain, which is more work than just trying to get libpcap
working.

Has anyone got any ideas as to how I can access this interface? Tcpdump
works on it, but the interface isn't managed under ifconfig or Network
Manager like others. It's a packet ring buffer, not a typical interface.