Is anyone using the Endace DAG cards? I looking for the performance gains over using PF_RING and off the shelf Intel cards. Ultimately I’m looking for the best file extraction performance that can be achieved. Thanks in advance.
I don't know how useful my contribution here is, but...
Yes, I have a 9.2X2 we purchased in 2010, now in its second server and fourth or fifth Bro install. Obviously having kept it this long, I don't have many complaints. At the same time, I don't find a whole lot of difference between it and the Intel X520s we have deployed with PF_RING (and one of our newer PF_RING installations is outperforming the DAG). That said, I've spent more time playing with the X520s, so it's possible the DAG could outperform them with equivalent TLC (and also obviously this is an older card) - but X520s are older nowadays too.
I haven't tried the bro-pkg for the DAG yet, although once I've got some free time (hahaha) I would very much like to give it a try. Also YMMV quite a bit depending on the hardware you're marrying to your NICs, your real-world network traffic, specific distribution/kernel version, etc etc etc.
And I expect that at least one regular list contributor might suggest you try AF_PACKET with your Intels. 
Mike
Would you say AF_PACKET over PF_RING? Thanks.
Yes I would
Try afpacket and maybe X710. You’re going to invest in cards that cost more than your server (DAG) do why not spend 300 usd and make an experiment.
https://github.com/pevma/SEPTun
https://github.com/pevma/SEPTun-Mark-II
This applies to Bro as well, especially the part about hardware and OS tuning.
As a note, DAG cards are still not $300 (at least new!), but should not cost more than your server.
You can figure out who to ask if you are interested in actual pricing I would think.
Stephen