Capturing to a host cpu – Force10 Networks PSeries 100-00055-01 User Manual

P-Series Installation and Operation Guide, version 2.3.1.2
Capturing to a Host CPU
Captured traffic can be sent to a host CPU through a libpcap library interface, where it can be made
available to applications for analysis. A typical implementation provides IDS/Snort acceleration because
of the hardware assist.
Figure 10 Capturing Matched Traffic via the libpcap Interface
[Figure labels: SW (libpcap, tcpdump, Snort, Custom app); HW (PB-10GE-2P; ports M1, P1, P0, M0); Traffic to monitor; Matched Traffic]
Use the P-Series in an integrated security monitoring solution through the management port. The P-Series
comes with support for Sguil NSM (see Network Security Monitoring on page 43).
Figure 11 Creating a Network Monitoring Solution with the P-Series
[Figure labels: SW (libpcap, Custom app); HW (PB-10GE-2P; ports M1, P1, P0, M0); Traffic to monitor; Matched Traffic; Mgmt Port; Custom security monitoring application]