[Bro] Dropping packets - How do I leverage multiple core with BRO?
Veronica Estrada
estrada.veronica at gmail.com
Fri Nov 12 08:12:36 PST 2010
That works great for me. Actually, installing tcprelay in the machine
may be problematic.
VE
On Sat, Nov 13, 2010 at 1:06 AM, Justin Azoff <JAzoff at uamail.albany.edu> wrote:
> On Thu, Nov 11, 2010 at 12:11:55PM -0500, Tyler T. Schoenke wrote:
>> This may be possible. I just Googled and saw there is a program called
>> tcprelay that can be used to feed a pcap into an Ethernet interface.
>> You could use tcprelay to feed the pcap into the Click! Modular Router
>> and have Click! load balance the traffic to a Bro cluster with many
>> workers to utilize all your cores.
>
> Click can read directly from a pcap file:
>
> http://read.cs.ucla.edu/click/elements/fromdump
>
> using that instead of FromDevice should work better than tcprelay.
>
> --
> -- Justin Azoff
> -- Network Security & Performance Analyst
>
More information about the Bro
mailing list