Installation and configuration guides for using some popular open-source security applications with Napatech Link™ Capture Software.
Some popular security applications
- Wireshark, Tcpdump and other libpcap-based applications
- DPDK-based applications
- Suricata
- Snort
- Bro
- TRex
Installation and API options
Application | Napatech libpcap | Native NTAPI | Napatech DPDK |
---|---|---|---|
Wireshark, Tcpdump, Tcpreplay, etc. | In general, packages. Some applications might need to be built from source. | | |
Suricata | Suricata packages | Build Suricata from source. | |
Snort | Packages for Snort 2.9.x and DAQ 2.0.x | Build Snort 3.0 and DAQ 2.2.2 from source. Requires Napatech DPDK installed. | |
Bro | Bro packages | Build Bro from source. | |
TRex | Build from source. DPDK libs and drivers are included in TRex source. |
Pros and cons of interface options
| | Napatech libpcap | Native NTAPI | Napatech DPDK |
|---|---|---|---|
| Advantages | libpcap support is available for many applications. libpcap provides simple package-based installation. | Native interfaces to NTAPI can provide multi-threaded and otherwise optimized packet processing. | DPDK provides multi-threaded/multi-stream and otherwise optimized packet processing. |
| Disadvantages | libpcap runs single-threaded and requires more work to optimize utilization of multiple CPUs. | Native interfaces to NTAPI are not available for many applications, and usually require building from source. | DPDK is not available for many applications, and usually requires building from source. |