I have a Dell R740 server with a Silicom capture FPGA card in which i have a variety of access methods available to me.
I have PF_RING or Libpcap or the Fiberblaze drivers + API available to retrieve packets from the interface. Using snort -i and the libpcap interface name of "fbcard0/a00" it works fine and i can see its matching traffic etc.
I am running ubuntu 16.04 operating system so i have the config file /etc/snort/snort.debian.conf to define the interface name. I cannot get it to start no matter what variation of interface i put in place in the config. I thought it may be a bash parsing error so i added "fbcard0\/a00" but it doesnt change
I am using libpcap because that way i can use the .deb installer and its easier to manage. i can try use PF_RING but that means i have to compile snort and opens up a whole other workflow of compiling my own .deb packages to maintain and is more work than just trying to get libpcap working initially.
Has anyone got any ideas as to how i can access this interface? Tcpdump works on it but the interface isnt managed under ifconfig or network manager like others. its a packet ring buffer not a typical interface.