napatech nt4e-4t

Does anyone know if bro-ids capturing from a napatech card is known not to work?
I’ve successfully compiled against the napatech provided libpcap, and ldd shows linkage to
/opt/napatech3/lib/{ libpcap.so.1, libntapi.so, libntos.so }

But it keeps giving a “fatal error … problem with interface nt3g1 - pcap_setnoblock SIOCGIFADDR: nt3g1: No such device”

“tcpdump -D” shows the device and I can sniff with it.

Thought I’d check.

Thanks,
kb


I've never heard that anyone has tried. Does their libpcap wrapper support the nonblocking functionality in libpcap? There are relatively few applications that use libpcap in nonblocking mode so it's certainly possible that they haven't implemented it.

  .Seth

I’m afraid I’m out of my league on the nonblocking issue. I see references to pcap_getnonblock and pcap_setnonblock in the pcap.h file provided with the Napatech Software Suite. Beyond that, at the moment I’m not sure how to investigate further. I may use pf_ring as an immediate solution, and communicate with the Npulse team in the longer term, unless of course someone saves the day with stories of success.

Thanks for your feedback!
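
One way to investigate the nonblocking question raised in this thread, as an added example that is not code from any of the posters, Bro, or Napatech: a Python ctypes script that loads one specific libpcap build and reports which call fails on the device. The `probe` function name and the snaplen and timeout values are assumptions; the library path and device name to pass in are the ones quoted in the first message.

```python
import ctypes
import sys

PCAP_ERRBUF_SIZE = 256  # from pcap.h
SYMBOLS = ("pcap_open_live", "pcap_setnonblock", "pcap_getnonblock",
           "pcap_lookupnet", "pcap_close")

def probe(libpath, device):
    """Try each call against one libpcap build; return (step, ok, detail) tuples."""
    try:
        lib = ctypes.CDLL(libpath)
    except OSError as exc:
        return [("load", False, str(exc))]
    results = [("load", True, libpath)]
    missing = [s for s in SYMBOLS if not hasattr(lib, s)]
    if missing:
        return results + [("symbol " + s, False, "not exported") for s in missing]

    c = ctypes
    lib.pcap_open_live.restype = c.c_void_p
    lib.pcap_open_live.argtypes = [c.c_char_p, c.c_int, c.c_int, c.c_int, c.c_char_p]
    lib.pcap_setnonblock.argtypes = [c.c_void_p, c.c_int, c.c_char_p]
    lib.pcap_getnonblock.argtypes = [c.c_void_p, c.c_char_p]
    lib.pcap_lookupnet.argtypes = [c.c_char_p, c.POINTER(c.c_uint32),
                                   c.POINTER(c.c_uint32), c.c_char_p]
    lib.pcap_close.argtypes = [c.c_void_p]
    lib.pcap_close.restype = None

    err = c.create_string_buffer(PCAP_ERRBUF_SIZE)
    msg = lambda: err.value.decode(errors="replace")
    dev = device.encode()

    # pcap_lookupnet issues the SIOCGIFADDR ioctl in stock libpcap.
    net, mask = c.c_uint32(), c.c_uint32()
    rc = lib.pcap_lookupnet(dev, c.byref(net), c.byref(mask), err)
    results.append(("pcap_lookupnet", rc == 0, msg() if rc else "ok"))

    handle = lib.pcap_open_live(dev, 65535, 1, 1000, err)  # assumed snaplen/timeout
    if not handle:
        return results + [("pcap_open_live", False, msg())]
    results.append(("pcap_open_live", True, "ok"))
    rc = lib.pcap_setnonblock(handle, 1, err)
    results.append(("pcap_setnonblock", rc == 0, msg() if rc else "ok"))
    rc = lib.pcap_getnonblock(handle, err)  # 1 means nonblocking is in effect
    results.append(("pcap_getnonblock", rc == 1, "returned %d" % rc))
    lib.pcap_close(handle)
    return results

if __name__ == "__main__":
    for step in probe(sys.argv[1], sys.argv[2]):
        print(step)
```

Running it once against the vendor library and once against the system libpcap, with the same device name, shows whether a failing step is specific to the vendor build.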