Snort mailing list archives
Snort + Libpcap + FPGA card
From: Nathan D'Elboux via Snort-users <snort-users () lists snort org>
Date: Mon, 25 Feb 2019 15:54:59 +1100
Hi all, I have a Dell R740 server with a Silicom capture FPGA card in which i have a variety of access methods available to me. I have PF_RING or Libpcap or the Fiberblaze drivers + API available to retrieve packets from the interface. Using snort -i and the libpcap interface name of "fbcard0/a00" it works fine and i can see its matching traffic etc. I am running ubuntu 16.04 operating system so i have the config file /etc/snort/snort.debian.conf to define the interface name. I cannot get it to start no matter what variation of interface i put in place in the config. I thought it may be a bash parsing error so i added "fbcard0\/a00" but it doesnt change I am using libpcap because that way i can use the .deb installer and its easier to manage. i can try use PF_RING but that means i have to compile snort and opens up a whole other workflow of compiling my own .deb packages to maintain and is more work than just trying to get libpcap working initially. Has anyone got any ideas as to how i can access this interface? Tcpdump works on it but the interface isnt managed under ifconfig or network manager like others. its a packet ring buffer not a typical interface. Cheers, Nathan
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Snort + Libpcap + FPGA card Nathan D'Elboux via Snort-users (Feb 24)