This plugin provides native Myricom SNF v3+v4 support for Bro.


Follow Myricom’s instructions to get its kernel module and userspace libraries installed, then use the following commands to configure and build the plugin.

After building bro from the sources, change to the “aux/plugins/myricom” directory and run:

./configure --with-myricom=<path to sniffer sources> --bro-dist=<path to bro sources>
make && sudo make install

Note: In most cases, if you are building this plugin from the Bro source tree, you won’t need any configure arguments.

If everything built and installed correctly, you should see this:

# bro -N Bro::Myricom
Bro::Myricom - Packet acquisition via Myricom SNF v3 (dynamic, version 1.0)

You may run Bro as unprivileged user.


Once installed, you can use Myricom interfaces/ports by prefixing them with myricom:: on the command line. For example, to use Myricom SNF to monitor interface p2p1:

bro -i myricom::p2p1

To use it in production with multiple Bro processes, use a configuration similar to this in node.cfg:

lb_procs=<number of processes, like 16>
interface=myricom::<interface name, like p2p1>

If you would like to sniff all Myricom interfaces on a system and merge them together, there is a special interface name available of myricom::*. It uses a special feature of the Myricom SNF library for port aggregation.

To run a cluster sniffing all Myricom interfaces on a system, you can use the same configuration as above, but with the special interface name that aggregates all Myricom ports like this:

lb_procs=<number of processes, like 16>


You may wish to tune the amount of memory used for the global packet buffer. This setting is available in the Bro script interface to the plugin, but it’s also available as a global option in broctl.cfg or as a per-node option in node.cfg. The following line in either config file will set the SNF packet buffer ring size to 16GB:



Next Page


Copyright 2016, The Bro Project. Last updated on November 15, 2018. Created using Sphinx 1.7.5.