How to use snort with dpdk? - dpdk

I have read a study that snort and dpdk are used together and snort performs better. However, I don't know much about dpdk and this confused me. Where can I find a resource for what I need to do to use dpdk and snort together? Or do you have an idea about it? Thank you.

Related

why PF_RING is more used then DPDK?

I am trying to choose which one to use for my project. After short resource I found that most of the companies are using PF_RING and not "Data Plane Development Kit" platform. Why?
Because using PF_RING is much easier to use and more portable than using DPDK which is a tool to solve specific problems.
If you are asking this kind of question, I think you need neither of these.

DHCP Option in Qt/C++

I would like to ask if there is a way to read DHCP option in Qt or c++ (Qt would be better) on linux. I have my own cups backend and would like to read option 9 - LPR Servers (all of the listed IP addresses) and use it as device uri.
So I want to know how to get specific (or all) option(s) informations from the DHCP lease.
I've looked to Qt's documentation but wasn't able to find anything useful and couldn't find any c++ libraries for linux.
I had exactly the same problem. I have found a library called Libcrafter which has a lot of features including DHCP support. There is a good example of DHCP usage in their examples. It is example #8.
This requirement is quite specific. I don't know there's such individual library for mere DHCP options.
So my suggestion is that, down one DHCP implementation(http://en.wikipedia.org/wiki/Comparison_of_DHCP_server_software), study how it handles the options.
Take dnsmasq_2.72 as an example, in file src/dhcp-common.c, there's function lookup_dhcp_opt().

Can somebody tell me why i *can* read minecraft server -> client data but not the other way around?

First of all, a big thank you to anyone willing to help!
You can skip the following wall of text if you want.
Background
I am trying to make a proxy program for my own minecraft server network. I wish to use multiple servers to allow people to play creative and survival on separate servers (to reduce serverload and increase my capacity). I am planning on using the transporter plugin for the server side of things, but I'd like to prevent having to install a clientpatch.
I discovered bungeecord, but it didn't do what I needed it to (namely, forge support for a modded server I plan on adding.) for mc 1.4.7 (which I need to use due to the server I plan on adding).
At the moment the system is running using a bungeecord proxy. However, md_5 told me that I'd need to write my own proxy (or mod his) to make it work the way I want. However, I really can't wrap my head around java (I just don't get it). So I decided to write my own.
The problem
After some research I discovered this to be doable. The hardest part would be to parse the packets. So I dug around for a library to do it for me. I came across libmcnet, which seemed to be what I wanted, but all the data it produced was garbled.
Looking over some packet dumps, and referencing it with wiki.vg, I discovered that libmcnet was giving me big-endian. However, my code and computers assume little-endian.
What I have done about it
After some thinking and looking over the code I thought it easier to write my own parser using some defines from libmcnet (namely include/mcnet/packets.h). So I copied the packets.h and read.h/read.c (both of which were heavily modified) and started recoding it. I did well enough, I think, as my system can successfully parse the server's 0xff (kick) packet during the server ping.
New problems
The next hurdle proved to be decrypting the client's data. It doesn't seem to use the same data standards as the server. For instance, the packet id the server transmits is 16 bit while the client's seems to be 8 bit.
So what I want to know:
Why does my code work fine on data from the server, but fail miserably when the client sends data? I'm pretty sure that libmcnet's code (on which I based it) is wrong as well.
Can anybody help me make this code work?
Code: http://pastebin.com/jg26yity (I figured this'd be cleaner)
Thank you all for your help!
*I'll add information if anybody requests more...
PS. First question asked here, so my post is a bit messy...
I figured it out, apparently I can't assume a library written to parse the minecraft protocol actually has proper code to read the protocol...
I was digging around and verifying what was read versus manually reading it... Appearantly a byte isn't a byte with minecraft and I thought the library had it covered.

Capture and forwarding of network traffic from a particular application on Windows

I need to capture network traffic that is going in/out of a particular application. The main issue is that I would like to do this in a blocking fashion -- i.e. capture the traffic, perform some analysis and encryption/decryption on it and then forward it along its regular route. So, it must use some sort of a blocking mechanism.
Is there some code or a library that makes this easy to do on Windows (Server 2008 or Win7 will do)? Any C++ (or Python/Java) classes or libraries that already exist?
I intend for the solution to also execute on the same machine as the target app and have administrative privileges.
Any pointers to code samples would be greatly appreciated.
Thanks for your help.
p.s.: I have been looking at WinPcap but from my (limited) understanding, it can't filter/block based on specific applications. Is that right, or did I miss something? Any other solutions out there?
For this you should look at WinDivert. Unlike regular packet sniffers (like winpcap), WinDivert also has the ability to block/filter packets, so it might be what you are looking for. Disclosure: WinDivert is my own project.

Capturing MSN Chat via Memory

Is it possible, or does anyone know the best way to capture MSN chats? I was thinking about attaching to the MSN process, and messing about searching for static addresses for conversations, to capture them.
(This is all on the windows platform using c++)
It would probably be easiest to sniff packets on the ports known to be used by MSN. That has the added benefit of working with clients other than the Microsoft one (such as Pidgin).
Assuming the protocol is unencrypted, it would probably be easier to attach to the process and intercept the network traffic than to search all of the application memory for chats. But that's no small task, either.
omg i just googled and discovered there's a whole cottage industry around doing this. pay $60+ to record MSN chat - are you kidding ? .. Please~ someone release an Open Source solution.