Argus and MTP
Mark Poepping
poepping at cmu.edu
Tue Jan 10 01:33:01 EST 2006
I'd talked with those guys several times (at JointTechs), but not since
maybe a year ago. As I recall, their stuff is essentially optimized for
pipelining IDS processing; I didn't think they'd deliver packets to the OS
very fast -- unless you're working with them to distribute argus (which
didn't sound too likely)..
That was a while ago, and things may have changed, but I was under the
impression that there would be better general-purpose network cards for
this.. They may be at the next JT again, so I'll see what they're up to.
Mark.
--
Mark Poepping
Head IT Architect, Computing Services; Carnegie Mellon
> -----Original Message-----
> From: argus-info-bounces at lists.andrew.cmu.edu [mailto:argus-info-bounces at lists.andrew.cmu.edu] On Behalf Of Patrick Green
> Sent: Monday, January 09, 2006 7:00 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] Argus and MTP
>
> Hi,
>
> Has anyone had any experience of running Argus on top of Metanetworks
> MTP cards?
>
> We have been running some tests, on Fedora (customised kernel 2.6.11)
> with Argus Version 2.0.6, and an MTP card (www.metanetworks.org).
>
> If we run an nmap against a machine on the network, I can see the
> traffic using TCPdump (so the card is picking it up and forwarding it
> to the OS), but argus doesn't seem to pick the traffic up - at best it
> sees about four packets ... has anyone else seen this / something
> obvious I should try?
>
> Patrick
> --------------------------------------------------------------------------
> Patrick Green - Computing Services, Oxford University
> http://users.ox.ac.uk/~patrick
> Mobile: +44 (0)7812215375
> PGP keyID 0x34E49221
>