[Bro] Network capture cards -- your experience
Jason Chambers
jchambers at ucla.edu
Fri Sep 12 16:54:23 PDT 2008
Matt Cuttler wrote:
> On 9/12/08 5:43 PM, "Joel Ebrahimi" <jebrahimi at bivio.net> wrote:
>
>> I work for Bivio Networks and we have deployed Bro on our hardware and
>> achieved multi-gig monitoring throughput. Our hardware is a specialty
>> networking appliance and not commodity hardware with an accelerator
>> card.
>>
> Joel,
>
> Please understand that this post is not intended to be antagonistic in any
> way, but I remember Bivio claiming to (briefly) natively support Bro (with a
> custom and/or pre-compiled and/or optimized-for-hardware version; IIRC it
> was called "Brooklyn").
>
I talked to their sales group briefly about this. They report having a
specialized package for Bro to work with their environment (the Bivio
API)... at least thats how I understood it.
Another reader pointed out http://www.pcapexpress.com/ which looks
interesting as they support FreeBSD as well as Linux.
I'll wait for a couple days and post the anonymized results to the
wiki. In the absence of confirmed performance results at the least the
potential to seed the next research paper exists. Many of the papers
I've read only compare commodity hardware to Endace.
--Jason
More information about the Bro
mailing list