Support OS'es for Argus 2.0
Peter Van Epp
vanepp at sfu.ca
Tue Jun 27 15:23:26 EDT 2000
I'd add either FreeBSD or OpenBSD to the list (they may be close enough
that one port fits both) for performance reasons. I need to poke at both to
see if OpenBSD pays off being harder to install with better performance than
FreeBSD at packet capture (it's a wash on output with tcpreplay, both are wire
speed). Going from NFR's experience (who don't support either NT or Linux)
there are probably performance issues with both NT and Red Hat. There is
rumor of a zero copy packet capture kernel (experimental) for Linux that may
fix this complaint though. Once I get some of the damn modem pool fires fixed
or passed back to their away owner I hope to get to that (although my track
record so far is lousy).
If the NT port isn't too difficult to do it will probably be popular,
the downside being it may give argus a bad reputation if it loses packets at
high speed. As much as I hate to say it, I expect Carter should look closely
at Marcus Ranum's comments (on slash-dot I think) about why NFR pulled out
of the open source / commercial product arena (basically the research version
was being run poorly on Linux and being compared unfavorably to the other
commercial products their commercial version was competing with).
In case I didn't add it to the wish list earlier, full duplex support
(dual cards of splitters) is another desirable thing (and on my list of things
to hack in sometime ...).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
> Hey David,
> I was thinking about using the WinPcap 2.02 stuff.
> http://netgroup-serv.polito.it/winpcap/ If this
> really is working, it may do what we need.
> What do you think?
> -----Original Message-----
> From: David Brumley [mailto:dbrumley at rtfm.stanford.edu]
> Sent: Tuesday, June 27, 2000 2:38 PM
> To: Carter Bullard
> Cc: Argus (E-mail)
> Subject: Re: Support OS'es for Argus 2.0
> > The list is, (based on my personal experience):
> > Solaris 8 (this should cover the SPARC's as well?)
> > Red Hat Linux
> > Windows NT/2000
> I can do the sparc port if needed for solaris. Currently we run argus on
> solaris 2.6 with a dlpi interface.
> I would shy away from windows personally as portability is probably very
> high (no standard interface library like pcap).
> David Brumley - Stanford Computer Security - dbrumley at Stanford.EDU
> Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley
> Fax: +1-650-725-9121 PGP: finger dbrumley-pgp at sunset.Stanford.EDU
> c:\winnt> secure_nt.exe
> Securing NT. Insert Linux boot disk to continue......
> "I have opinions, my employer does not."