Applications

Installation and Use of Napatech Link™ Capture Software for Intel® PAC with Intel® Arria® 10 GX FPGA

Platform
Content Type
Quick Guide
Capture Software Version
Link™ Capture Software 12.3

Installation and configuration guides for using some popular open-source security applications with Napatech Link™ Capture Software.

Some popular security applications

This guide includes installation and configuration guides for the following open source security applications:
  • Wireshark, Tcpdump and other libpcap-based applications

  • DPDK-based applications

  • Suricata

  • Snort

  • Bro

  • TRex

Installation and API options

Depending on the application, you can choose between several APIs. If package-based installation is a priority, libpcap may be the best option. If you are willing to build the application from source, you may get better performance and more features.
Application Napatech libpcap Native NTAPI Napatech DPDK
Wireshark, Tcpdump, Tcpreplay, etc. In general, packages. Some applications might need to be built from source.    
Suricata Suricata packages Build Suricata from source.  
Snort Packages for Snort 2.9.x and DAQ 2.0.x   Build Snort 3.0 and DAQ 2.2.2 from source. Requires Napatech DPDK installed.
Bro Bro packages Build Bro from source.  
TRex     Build from source. DPDK libs and drivers are included in TRex source.

Pros and cons of interface options

When you decide which API to use, consider these advantages and disadvantages:
  Napatech libpcap Native NTAPI Napatech DPDK
Advantages

libpcap support is available for many applications. libpcap provides simple package-based installation.

Native interfaces to NTAPI can provide multi-threaded and otherwise optimized packet processing.

DPDK provides multi-threaded/multi-stream and otherwise optimized packet processing.

Disadvantages

libpcap runs single-threaded and requires more work to optimize utilization of multiple CPUs.

Native interfaces to NTAPI are not available for many applications, and usually require building from source.

DPDK is not available for many applications, and usually requires building from source.