On Linux, a modified version of libpcap is available that implements a shared memory ring buffer. Phil Woods (cpw@lanl.gov) is the current maintainer of the libpcap implementation of the shared memory ring buffer. The shared memory ring buffer libpcap can be downloaded from his website at http://public.lanl.gov/cpw/.
Instead of the normal mechanism of copying the packets from kernel memory into userland memory, by using a shared memory ring buffer, libpcap is able to queue packets into a shared buffer that Snort is able to read directly. This change speeds up Snort by limiting the number of times the packet is copied before Snort gets to perform its detection upon it.
Once Snort is linked against the shared memory libpcap, the ring buffer is enabled by setting the environment variable PCAP_FRAMES. PCAP_FRAMES is the size of the ring buffer. According to Phil, the maximum size is 32768, as this appears to be the maximum number of iovecs the kernel can handle. By using PCAP_FRAMES=max, libpcap will automatically use the most frames possible. On Ethernet, this ends up being 1530 bytes per frame, for a total of around 52 Mbytes of memory for the ring buffer alone.
So, on Ubuntu:
Add export PCAP_FRAMES=32768 to the startup script.
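A startup-script helper that validates the value before exporting it, so a typo or an oversized ring does not reach the sensor. This is an added example, not code from the original post or from libpcap or Snort. The function names are hypothetical, and the size estimate assumes frames times the 1530 bytes per frame quoted above, with no allowance for any other overhead.

```shell
#!/bin/sh
# Added example: validate PCAP_FRAMES before exporting it for Snort.
# Limits come from the text above; function names are hypothetical.

MAX_FRAMES=32768    # maximum ring size stated in the text
FRAME_BYTES=1530    # per-frame size on Ethernet, per the text

# Accept "max" or a decimal integer in 1..MAX_FRAMES; print the frame count.
# Returns 1 for anything else (empty, leading zero, non-digits, too large).
resolve_frames() {
    case "$1" in
        max) echo "$MAX_FRAMES"; return 0 ;;
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le "$MAX_FRAMES" ] || return 1
    echo "$1"
}

# Estimated ring buffer size in bytes for a frame count (assumption:
# frames * FRAME_BYTES, ignoring any other overhead).
ring_bytes() {
    echo $(( $1 * FRAME_BYTES ))
}

# Succeed only if the estimated ring fits in $2 kB of available memory.
ring_fits() {
    need_kb=$(( ($(ring_bytes "$1") + 1023) / 1024 ))
    [ "$need_kb" -le "$2" ]
}

# Validate $1 against the limit and against $2 (available kB), then export.
# Returns 1 for an invalid value, 2 if the ring would not fit.
set_pcap_frames() {
    frames=$(resolve_frames "$1") || {
        echo "invalid PCAP_FRAMES value: $1" >&2; return 1; }
    ring_fits "$frames" "$2" || {
        echo "ring of $frames frames exceeds $2 kB available" >&2; return 2; }
    PCAP_FRAMES=$frames
    export PCAP_FRAMES
}

# Usage in the startup script, before launching Snort (Linux):
#   avail_kb=$(awk '/^MemAvailable:/ {print $2}' /proc/meminfo)
#   set_pcap_frames 32768 "$avail_kb" || exit 1
```
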