idaholab / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://idaholab.github.io/Malcolm/

investigate zeek/DPDK for packet capture #60

Closed mmguero closed 1 year ago

mmguero commented 3 years ago

After seeing the ZeekWeek 2021 presentation on packet capture with DPDK, it would be interesting to investigate this as an alternative to afpacket for packet capture on the hedgehog.

https://github.com/esnet/dpdk-plugin

mmguero commented 1 year ago

With af_packet being built into Zeek by default as of v5.2, I think we'll stick to that for simplicity.