[Bro] Question about network cards

Miller, Brad L BLMILLER at comerica.com
Tue Apr 12 13:41:37 PDT 2016

We are using Endace cards which are quite a bit more pricey, but we are actively looking at the Myricom cards now.

My advice – get the Myricom cards.  While you can do pfring using standard cards, nothing beats the low to no capture loss hardware.  The ability to do onboard load distribution with multiple sub interfaces is a killer feature and your Bro config is greatly simplified.  We use a patched version of libpacap for Endace.. but I hear that 2.5 may incorporate native Myricom support.

Without cards like these it is like getting a new mustang but skimping on the powertrain options.

From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Giesige, Rich
Sent: Tuesday, April 12, 2016 4:24 PM
To: bro at bro.org
Subject: [Bro] Question about network cards


I’m wondering what people are using for network cards in their bro clusters that are not using the Myricom Network Cards. We don’t have a $1,000 dollars per a card + license to spend on the cards. Is anyone using Intel or other brands that aren’t as expensive to capture their traffic? We are looking at doing all 10 Gig connections into the Bro Cluster.

Thanks for all your answers.

Richard Giesige
IT Security Analyst
Office of Information Security
Oregon State University

"OSU staff will NEVER ask for you password.
Never email or share your password with anyone."

Please be aware that if you reply directly to this particular message, your reply may not be secure. Do not use email to send us communications that contain unencrypted confidential information such as passwords, account numbers or Social Security numbers. If you must provide this type of information, please visit comerica.com to submit a secure form using any of the ”Contact Us” forms. In addition, you should not send via email any inquiry or request that may be time sensitive. The information in this e-mail is confidential. It is intended for the individual or entity to whom it is addressed. If you have received this email in error, please destroy or delete the message and advise the sender of the error by return email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160412/4fc59c95/attachment-0001.html 

More information about the Bro mailing list