ARGUS and Endace(re: Emulex) DAG Cards

James Grace jgrac002 at fiu.edu
Thu Feb 13 15:31:42 EST 2014


Thanks for the help! I'll definitely be a bit more active on this list 
as my deadlines get closer :-)

-james

On 02/13/2014 02:46 PM, Carter Bullard wrote:
> Hey Guys,
> We have native DAG driver support, but like Jesse sez,
> using the Endace libpcap library is the way to go unless you
> need to go very fast, and the libpcap limitations get in the
> way.
>
> Use argus to read packets off the wire, don’t do the packet
> file strategy unless you want to keep the packet files for
> some reason.  Then use the ra* programs to collect and store
> the flow data, which you then analyze for forensics, or
> ops or performance management.
>
> Use the ./configure —with-libpcap=DIR option to point the
> packages at the Endace libpcap library.  If you have any
> problems, just holler !!!
>
> Carter
>
> On Feb 13, 2014, at 2:36 PM, Jesse Bowling <jessebowling at gmail.com 
> <mailto:jessebowling at gmail.com>> wrote:
>
>> Hi James,
>>
>> If I'm remembering correctly, Endace provides a custom libpcap, is 
>> that correct? If so, you would just need to compile argus against 
>> that libpcap and then use argus directly on the stream...Of course, 
>> you could also generate pcaps and run argus against them in a 
>> scripted fashion, which might be good for your workflow, but you'd 
>> lose the realtime options of the various clients...Just depends on 
>> what you want to do! :)
>>
>> Cheers,
>>
>> Jesse
>>
>>
>> On Thu, Feb 13, 2014 at 2:27 PM, James Grace <jgrac002 at fiu.edu 
>> <mailto:jgrac002 at fiu.edu>> wrote:
>>
>>     Good Afternoon,
>>     I've read from various sources on the intertubes that ARGUS can
>>     be used to in conjunction with DAG cards.  I was wondering how
>>     this is usually done. Does one use the DAG software to created
>>     the tracefiles and convert them to pcap for argus-clients to use,
>>     or does one use ARGUS itself?
>>
>>     Cheers,
>>     -james
>>
>>     -- 
>>     James H. Grace
>>     Senior Network Engineer
>>     AMPATH / CIARA
>>     Florida International University
>>     +1-305-348-8077 <tel:%2B1-305-348-8077>
>>
>>
>>
>>
>> -- 
>> Jesse Bowling
>>

-- 
James H. Grace
Senior Network Engineer
AMPATH / CIARA
Florida International University
+1-305-348-8077

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140213/eed81fd8/attachment.html>


More information about the argus mailing list