FYI nCap
william metcalf
william.metcalf at gmail.com
Wed Jun 24 18:16:42 EDT 2009
Hmmm are you sure you don't mean PF_RING or PF_RING+TNAPI? I think nCap
is quite old.
http://www.ntop.org/news.html
If you want to play with CentOS + argus/snort/daemonlogger/other pcap
apps + PF_RING I created a repo with RPMS... that reminds me I need to
upload the latest PF_RING enabled kernel. BTW this breaks downstream
apps that work on libpcap 0.9.4 as the version posted is libpcap 0.9.7.
http://www.emergingthreats.net/emergingrepo/
Regards,
Will
On Thu, 2009-06-25 at 09:53 +1200, Russell Fulton wrote:
> I thought this message from Phil Wood might be of interest to this
> group. Phil maintains the libpcap version for linux ring buffer.
>
> R
>
> Begin forwarded message:
>
> > From: Phil Wood <cpw at lanl.gov>
> > Date: 25 June 2009 1:49:34 AM
> > To: Russell Fulton <r.fulton at auckland.ac.nz>
> > Subject: Re: [Snort-users] installing libpcap-0.9.20060417 (linux
> > kernel ring buffer)
> >
> >
> > On Wed, 2009-06-24 at 11:30 +1200, Russell Fulton wrote:
> >> THanks very much Phil!
> >
> > Your welcome.
> >
> > BTW, Luca Deri has a new libpcap out that will turn my stuff into a
> > dinosaur. If you are in a 10gigabit environment, where the rates are
> > hovering around that level, then you may want to go this route.
> >
> > http://luca.ntop.org/nCap/
> >
> > If you do, let me know how it goes.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090624/811a2902/attachment.sig>
More information about the argus
mailing list