Re: FW: Afpacket daq-2.0.1 snort

[Jaime Nebrera <jnebrera () redborder org>]

I can't speak on what I have not seen. I told you we have experience with
Silicom and are happy with them. There are a few other players in this
area, but not many
El 07/07/2014 06:15, "Randal T. Rioux" <randy () procyonlabs com> escribió:

> I have a stack of these Niagara cards. For over a decade, I've tried
> dozens of different methods to achieve pass on fail or no power. It's a
> driver nightmare and was never reliable.
>
> Interface Masters were of little help. Unless it is a current product,
> even they don't know how they work (or don't want to share, frowny
> face). The OEMs are who do the heavy lifting for them.
>
>
> On 7/2/2014 2:36 PM, Anshuman Anil Deshmukh wrote:
> > Hi Jaime,
> >
> >
> >
> > Below mail was sent by me earlier, which got stuck due to some error in
> > my mailbox and it went through after I cleaned up my mailbox. I would
> > like to update this mail thread that I did got an answer from the vendor
> > for configuring the NIC if the snort application crashes.
> >
> >
> >
> > The vendor said that it can be done using these two different ways.
> >
> > 1. They have their API to control the NIC (niagara_util -k).
> >
> > 2. Call the system functions themselves. The source code is with the
> > driver. They have examples under user_api/examples/module_kick.c under
> > the drivers they have provided.
> >
> >
> >
> > The vendor have specifically recommended using the 'kick' option. They
> > said that whenever the snort application fails, the 'kick' can be
> > configured to stop sending heartbeats by which the NIC will go to bypass
> > because of the missed heartbeat.
> >
> >
> >
> > Looking at the solution that vendor has provided, please let me know
> > under which Gen exactly would my NIC come. Also please comment on the
> > solution if it would be appropriate to use for an inline IPS solution OR
> > you have any other recommendations.
> >
> >
> >
> > Thank you.
> >
> >
> >
> > Regards,
> >
> > Anshuman
> >
> >
> >
> > *From:*Jaime Nebrera [mailto:jnebrera () redborder org]
> > *Sent:* Wednesday, July 2, 2014 11:26 PM
> > *To:* Anshuman Anil Deshmukh
> > *Cc:* snort-users () lists sourceforge net
> > *Subject:* Re: [Snort-users] FW: Afpacket daq-2.0.1 snort
> >
> >
> >
> > Hi Anshuman,
> >
> > We don't know for that card in particular, but in general the technology
> > has gone through various steps:
> >
> > Gen 1.- Non software controlable. Bypass is enabled either due to power
> > failure or missed watchdog
> >
> > Gen 2.- Software controlable, but using a modified card driver. This in
> > general is complex to maintain
> >
> > Gen 3.- Software controlable, by specific bypass driver, letting the
> > card controller driver untouched
> >
> > We use another manufacturer cards (Silicom) and Gen 3 which in essence
> > us to do whatever we want with them and keep card drivers updated
> > through CLI orders. As for IM I can't advise on how they do but guess
> > would be similar (but believe your card is old thus might be Gen 1 or 2)
> >
> > Regards
> >
> > El 02/07/2014 19:35, "Anshuman Anil Deshmukh" <anshuman () cybage com
> > <mailto:anshuman () cybage com>> escribió:
> >
> > Hi Juan,
> >
> >
> >
> > We use this NIC
> http://www.interfacemasters.com/products/bypass-nics/niagara-32264-quad-port-copper-gigabit-ethernet-nic-with-bypass-server-adapter-card.html
> > Regards,
> >
> > Anshuman
> >
> >
> >
> > *From:*Juan Jesus Prieto [mailto:jjprieto () redborder org
> > <mailto:jjprieto () redborder org>]
> > *Sent:* Tuesday, July 1, 2014 12:50 PM
> > *To:* snort-users () lists sourceforge net
> > <mailto:snort-users () lists sourceforge net>
> > *Subject:* Re: [Snort-users] FW: Afpacket daq-2.0.1 snort
> >
> >
> >
> > Hi Anshuman,
> >
> >   Wich kind of bypass NIC have you (Vendor/model)?
> >
> > El 30/06/14 20:35, Anshuman Anil Deshmukh escribió:
> >
> >     Hi,
> >
> >
> >
> >     If anybody has answer to my query, please reply back.
> >
> >
> >
> >
> >
> >     Regards,
> >
> >     Anshuman
> >
> >
> >
> >     *From:*Anshuman Anil Deshmukh [mailto:anshuman () cybage com]
> >     *Sent:* Saturday, June 28, 2014 5:47 PM
> >     *To:* snort-users () lists sourceforge net
> >     <mailto:snort-users () lists sourceforge net>
> >     *Subject:* [Snort-users] FW: Afpacket daq-2.0.1 snort
> >
> >
> >
> >     Hi,
> >
> >
> >
> >     I see that below question was never replied on this list. I have
> >     same question. In my case only difference is it is AFPACKET on a
> >     quad port NIC.
> >
> >
> >
> >     I request this list to reply back at the earliest.
> >
> >
> >
> >     Thank you.
> >
> >
> >
> >
> >
> >     Regards,
> >
> >     Anshuman
> >
> >
> >
> >     *From:*Lawrence R. Hughes,Sr. [mailto:lhughes () safemedia com]
> >     *Sent:* Wednesday, September 4, 2013 12:35 AM
> >     *To:* snort-users () lists sourceforge net
> >     <mailto:snort-users () lists sourceforge net>
> >     *Subject:* [Snort-users] Afpacket daq-2.0.1 snort
> >
> >
> >
> >     hi,
> >
> >
> >
> >     If I use the Daq in Afpacket mode (inline) with copper bypass DUAL
> >     NIC (eth0:eth1) how would I put the DUAL-NIC in copper Bypass Mode
> >     when snort quits running?
> >
> >
> >
> >     Many Thanks,
> >
> >     Larry
> >
> >
> >
> >
> >     "Legal Disclaimer: This electronic message and all contents contain
> >     information from Cybage Software Private Limited which may be
> >     privileged, confidential, or otherwise protected from disclosure.
> >     The information is intended to be for the addressee(s) only. If you
> >     are not an addressee, any disclosure, copy, distribution, or use of
> >     the contents of this message is strictly prohibited. If you have
> >     received this electronic message in error please notify the sender
> >     by reply e-mail to and destroy the original message and all copies.
> >     Cybage has taken every reasonable precaution to minimize the risk of
> >     malicious content in the mail, but is not liable for any damage you
> >     may sustain as a result of any malicious content in this e-mail. You
> >     should carry out your own malicious content checks before opening
> >     the e-mail or attachment." www.cybage.com <http://www.cybage.com>
> >
> >
> >     "Legal Disclaimer: This electronic message and all contents contain
> >     information from Cybage Software Private Limited which may be
> >     privileged, confidential, or otherwise protected from disclosure.
> >     The information is intended to be for the addressee(s) only. If you
> >     are not an addressee, any disclosure, copy, distribution, or use of
> >     the contents of this message is strictly prohibited. If you have
> >     received this electronic message in error please notify the sender
> >     by reply e-mail to and destroy the original message and all copies.
> >     Cybage has taken every reasonable precaution to minimize the risk of
> >     malicious content in the mail, but is not liable for any damage you
> >     may sustain as a result of any malicious content in this e-mail. You
> >     should carry out your own malicious content checks before opening
> >     the e-mail or attachment." www.cybage.com <http://www.cybage.com>
> ------------------------------------------------------------------------------
> >     Open source business process management suite built on Java and
> Eclipse
> >     Turn processes into business applications with Bonita BPM Community
> Edition
> >     Quickly connect people, data, and systems into organized workflows
> >
> >     Winner of BOSSIE, CODIE, OW2 and Gartner awards
> >
> >     http://p.sf.net/sfu/Bonitasoft
> >
> >
> >
> >     _______________________________________________
> >
> >     Snort-users mailing list
> >
> >     Snort-users () lists sourceforge net <mailto:
> Snort-users () lists sourceforge net>
> >     Go to this URL to change user options or unsubscribe:
> >
> >     https://lists.sourceforge.net/lists/listinfo/snort-users
> >
> >     Snort-users list archive:
> >
> >     http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> >
> >
> >     Please visit http://blog.snort.org to stay current on all the
> latest Snort news!
> > "Legal Disclaimer: This electronic message and all contents contain
> > information from Cybage Software Private Limited which may be
> > privileged, confidential, or otherwise protected from disclosure. The
> > information is intended to be for the addressee(s) only. If you are not
> > an addressee, any disclosure, copy, distribution, or use of the contents
> > of this message is strictly prohibited. If you have received this
> > electronic message in error please notify the sender by reply e-mail to
> > and destroy the original message and all copies. Cybage has taken every
> > reasonable precaution to minimize the risk of malicious content in the
> > mail, but is not liable for any damage you may sustain as a result of
> > any malicious content in this e-mail. You should carry out your own
> > malicious content checks before opening the e-mail or attachment."
> > www.cybage.com <http://www.cybage.com>
> ------------------------------------------------------------------------------
> > Open source business process management suite built on Java and Eclipse
> > Turn processes into business applications with Bonita BPM Community
> Edition
> > Quickly connect people, data, and systems into organized workflows
> > Winner of BOSSIE, CODIE, OW2 and Gartner awards
> > http://p.sf.net/sfu/Bonitasoft
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net <mailto:
> Snort-users () lists sourceforge net>
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
> >
> >
> > "Legal Disclaimer: This electronic message and all contents contain
> > information from Cybage Software Private Limited which may be
> > privileged, confidential, or otherwise protected from disclosure. The
> > information is intended to be for the addressee(s) only. If you are not
> > an addressee, any disclosure, copy, distribution, or use of the contents
> > of this message is strictly prohibited. If you have received this
> > electronic message in error please notify the sender by reply e-mail to
> > and destroy the original message and all copies. Cybage has taken every
> > reasonable precaution to minimize the risk of malicious content in the
> > mail, but is not liable for any damage you may sustain as a result of
> > any malicious content in this e-mail. You should carry out your own
> > malicious content checks before opening the e-mail or attachment."
> > www.cybage.com
> ------------------------------------------------------------------------------
> > Open source business process management suite built on Java and Eclipse
> > Turn processes into business applications with Bonita BPM Community
> Edition
> > Quickly connect people, data, and systems into organized workflows
> > Winner of BOSSIE, CODIE, OW2 and Gartner awards
> > http://p.sf.net/sfu/Bonitasoft
> >
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
> >
>
>
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!