Snort + Libpcap + FPGA card

[Nathan D'Elboux via Snort-users <snort-users () lists snort org>]

Hi all,

I have a Dell R740 server with a Silicom capture FPGA card in which i have
a variety of access methods available to me.

I have PF_RING or Libpcap or the Fiberblaze drivers + API available to
retrieve packets from the interface.  Using snort -i and the libpcap
interface name of "fbcard0/a00" it works fine and i can see its matching
traffic etc.

I am running ubuntu 16.04 operating system so i have the config file
/etc/snort/snort.debian.conf to define the interface name.  I cannot get it
to start no matter what variation of interface i put in place in the
config.  I thought it may be a bash parsing error so i added "fbcard0\/a00"
but it doesnt change

I am using libpcap because that way i can use the .deb installer and its
easier to manage. i can try use PF_RING but that means i have to compile
snort and opens up a whole other workflow of compiling my own .deb packages
to maintain and is more work than just trying to get libpcap working
initially.

Has anyone got any ideas as to how i can access this interface? Tcpdump
works on it but the interface isnt managed under ifconfig or network
manager like others. its  a packet ring buffer not a typical interface.

Cheers,
Nathan

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette