
List:       snort-users
Subject:    Re: [Snort-users] Snort Optimizations
From:       Y M <snort () outlook ! com>
Date:       2015-11-13 11:50:09
Message-ID: CY1PR17MB017040CF283D3D455B5B3A75A8110 () CY1PR17MB0170 ! namprd17 ! prod ! outlook ! com


Comments inline.
________________________________________
From: Turnbough, Bradley E. <bturnbough@belcan.com>
Sent: Thursday, November 12, 2015 4:41 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Snort Optimizations

Hi All,

Does snort have the ability to use the latest / greatest GPU technology to help
offload some of the traffic detection?

> Not that I am aware of.

Other than being specifically compiled for PF_RING, are there any requirements of
PF_RING?  I.e.  special hardware?

> Other than PF_RING prerequisites and runtime options, I am not aware of specific
> requirements. Intel cards with PF_RING drivers can do a decent job. Most
> specialized hardware like network drivers usually come with their own sniffing
> drivers and libpcap/DAQ libraries. Other options than PF_RING are netmap which is
> baked into DAQ/Snort, and there is also Packet-Bricks which is still relatively
> experimental but seems promising. Your OS of choice also can add constraints. For
> example, PF_RING is not supported on *BSD systems.

Lastly, does snort need any additional flags during run time to be told to use any
special CPU extensions?  For example: OpenVPN can utilize the AESNI extension to
speed up traffic encryption / decryption, but only if specifically told to
during run time.  Otherwise it doesn't use the AESNI extension.

> Not aware (again) of such support but combined with PF_RING, you can set CPU
> Affinity/Pinning per Snort process to support load balanced packets/streams. In
> general, maintain a balance between fast CPUs and number of cores per CPU. Other
> optimizations include network driver optimizations, OS-level optimizations, and the
> greatest optimization of all is rules tuning.


Hope this helps.


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!