> On 23 Sep 2015, at 06:54, Evani Sitaram <[email protected]> wrote:
>
> Hi,
> I am Evani Ram, I am working on my final year project and I am new to
> pf_ring and snort. I have a couple of queries regarding pf_ring.
>
> 1) Firstly, is it possible to drop packets using pf_ring? If yes, how to
> configure pf_ring in order to drop packets. (alert is working in pf_ring)
>
> I am using this command to drop the packets but it's only capturing the packets
> and logging. I am using a pf_ring aware driver.
>
> Command :
> /snort/bin/snort -Q -c /snort/etc/snort.conf -d --treat-drop-as-alert --daq
> pfring --daq-dir /pfring/lib/daq -l /logs -i eth0:eth1 &

Do you mean you want to use it inline, dropping packets? You just need to run snort in IPS mode using our DAQ module, please take a look at the README.

> 2) Secondly, what is the hardware architecture supported for using pf_ring
> and can you suggest the minimum required configuration for dropping packets.

With standard drivers you can use any NIC, almost all Intel NICs are also supported in Zero-Copy mode for line-rate.

> (I am using an Intel PRO/1000 PT DUAL PORT NIC card for traffic flow)

Can I see "lspci | grep Eth"?

Regards
Alfredo

>
> Thanks And Regards,
> Evani Ram.
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
