Friday, April 29, 2011

Pcaprr External DAQ has been posted

Today Jeff Murphy submitted to us another external DAQ module for Snort.  I think his email best describes it:

We use Endace DAG cards in our sensors along with regen taps. Those cards don't work with the bonding driver, so merging the two streams from a regen tap isn't possible (unless we use a different tap or fix the drivers to work together). The attached patch creates a new module in the os-daq-modules directory called "pcaprr.c". This module will open multiple devices and then make round-robin reads from the device list (much like the bonding driver would if it worked with the DAG driver).  Modifications made against DAQ 0.5 code.
Thanks Jeff for your contribution, as with any external additions to Snort, it's great to see the community putting code up!

I've placed Jeff's pcaprr DAQ module on the "External-Daq" page on   Enjoy!