[Bro] Dropping packets - How do I leverage multiple core with BRO?
Justin Azoff
JAzoff at uamail.albany.edu
Fri Nov 12 08:06:04 PST 2010
On Thu, Nov 11, 2010 at 12:11:55PM -0500, Tyler T. Schoenke wrote:
> This may be possible. I just Googled and saw there is a program called
> tcprelay that can be used to feed a pcap into an Ethernet interface.
> You could use tcprelay to feed the pcap into the Click! Modular Router
> and have Click! load balance the traffic to a Bro cluster with many
> workers to utilize all your cores.
Click can read directly from a pcap file:
http://read.cs.ucla.edu/click/elements/fromdump
using that instead of FromDevice should work better than tcprelay.
--
-- Justin Azoff
-- Network Security & Performance Analyst
More information about the Bro
mailing list