<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:13px"><div id="yui_3_16_0_1_1443735035968_5209">Sending again as the first mail was a bit obfuscated due to formatting issues.</div><div style="font-family: arial, helvetica, sans-serif; font-size: 13px;" id="yui_3_16_0_1_1443735035968_5214"><div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 16px;" id="yui_3_16_0_1_1443735035968_5213"><div dir="ltr" id="yui_3_16_0_1_1443735035968_5212"> </div> <div class="y_msg_container" id="yui_3_16_0_1_1443735035968_5302"><br><div id="yiv0401950983"><div id="yui_3_16_0_1_1443735035968_5304"><div style="color:#000;background-color:#fff;font-family:arial, helvetica, sans-serif;font-size:13px;" id="yui_3_16_0_1_1443735035968_5303"><div id="yiv0401950983yui_3_16_0_1_1443713322019_4287" class="yiv0401950983"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4326">Hi Victor,</font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4328"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4330"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4332"></font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4334"><span style="font-size:14px;font-family:Times;" id="yiv0401950983yui_3_16_0_1_1443713322019_4789">I am using Suricata(and ELK) to capture and analyze network packets. 
</span><br></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4342"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4344"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4346"></font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4348"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4350">I am facing an issue with http packet capture. My http.log(and eve.json) is empty. I have verified with wireshark capture that http packets can be seen from the host. It’s just that suricata is not able to populate http.log.</font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4352"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4354">I was wondering if you could give me some valuable inputs to troubleshoot this issue?</font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4356"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4358"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4360"></font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4362"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4364">Physical setup </font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4362"><font face="Times" class="yiv0401950983" style="font-size:14px;"><br></font></div><div class="yiv0401950983" 
style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4366" dir="ltr"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4368">1. Packets are duplicated and sent to the Ubuntu server with suricata. A splitter, which sits between the border router and ISP(Similar to SPAN), sends the duplicate traffic to our IDS server.</font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4370"><font face="Times" class="yiv0401950983" style="font-size:14px;"><br></font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4370"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4372">2. We are using a <a rel="nofollow" target="_blank" href="http://web/~doc/progs/MoinMoin/wiki-moinmoin/moin.cgi/SuperMicro" class="yiv0401950983" style="text-decoration:none;" id="yiv0401950983yui_3_16_0_1_1443713322019_4374"><span class="yiv0401950983" style="color:rgb(17, 85, 204);vertical-align:baseline;white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4376">SuperMicro</span></a><span class="yiv0401950983" style="vertical-align:baseline;white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4378"> Xenon A+ 1042G-TF Server. 
A 10G FC port(eth2) is used for packet capture.</span></font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4380"><span class="yiv0401950983" style="vertical-align:baseline;white-space:pre-wrap;font-size:14px;"><font face="Times" class="yiv0401950983"><br></font></span></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4380"><span class="yiv0401950983" style="vertical-align:baseline;white-space:pre-wrap;font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4382"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4384">3. All offloading is disabled as follows </font></span></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4380"><span class="yiv0401950983" style="vertical-align:baseline;white-space:pre-wrap;font-size:14px;"><font face="Times" class="yiv0401950983"><br></font></span></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4386"><span class="yiv0401950983" style="vertical-align:baseline;white-space:pre-wrap;font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4388"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4390"><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4392">khushal@hermes:/var/log/suricata$ sudo ethtool -k eth2</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4394">Features for eth2</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4396">rx-checksumming off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4398">tx-checksumming off</div><div class="yiv0401950983" style="margin:0px;" 
id="yiv0401950983yui_3_16_0_1_1443713322019_4400"><span class="yiv0401950983" style="white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4402">     </span>tx-checksum-ipv4 off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4404"><span class="yiv0401950983" style="white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4406">      </span>tx-checksum-ip-generic off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4408"><span class="yiv0401950983" style="white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4410">        </span>tx-checksum-ipv6 off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4412"><span class="yiv0401950983" style="white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4414">      </span>tx-checksum-fcoe-crc off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4416"><span class="yiv0401950983" style="white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4418">  </span>tx-checksum-sctp off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4420">scatter-gather off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4422"><span class="yiv0401950983" style="white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4424">   </span>tx-scatter-gather off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4426"><span class="yiv0401950983" style="white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4428">     </span>tx-scatter-gather-fraglist off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4430">tcp-segmentation-offload off</div><div class="yiv0401950983" 
style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4432"><span class="yiv0401950983" style="white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4434">       </span>tx-tcp-segmentation off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4436"><span class="yiv0401950983" style="white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4438">   </span>tx-tcp-ecn-segmentation off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4440"><span class="yiv0401950983" style="white-space:pre-wrap;" id="yiv0401950983yui_3_16_0_1_1443713322019_4442">       </span>tx-tcp6-segmentation off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4444">udp-fragmentation-offload off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4446">generic-segmentation-offload off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4448">generic-receive-offload off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4450">large-receive-offload off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4452">rx-vlan-offload on [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4454">tx-vlan-offload on [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4456">ntuple-filters off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4458">receive-hashing off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4460">highdma: on [fixed]</div><div class="yiv0401950983" style="margin:0px;" 
id="yiv0401950983yui_3_16_0_1_1443713322019_4462">rx-vlan-filter: on [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4464">vlan-challenged off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4466">tx-lockless off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4468">netns-local off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4470">tx-gso-robust off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4472">tx-fcoe-segmentation off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4474">tx-gre-segmentation off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4476">tx-ipip-segmentation off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4478">tx-sit-segmentation off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4480">tx-udp_tnl-segmentation off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4482">tx-mpls-segmentation off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4484">fcoe-mtu off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4486">tx-nocache-copy on</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4488">loopback off</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4490">rx-fcs off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4492">rx-all off 
[fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4494">tx-vlan-stag-hw-insert off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4496">rx-vlan-stag-hw-parse off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4498">rx-vlan-stag-filter off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4500">l2-fwd-offload off [fixed]</div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4502">khushal@hermes /var/log/suricata$ </div></font></span></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4504"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4506"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4508"></font></div><div class="yiv0401950983" style="font-family:Helvetica;font-size:12px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4510"><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4512"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4514">Currently, I am facing an issue with HTTP packet capture on eth2(FC Port).</font></div><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4512"><font face="Times" class="yiv0401950983" style="font-size:14px;"><br></font></div><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4516"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4518">Following are the details of this port </font></div><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4520"><div class="yiv0401950983" style="margin:0px;" 
id="yiv0401950983yui_3_16_0_1_1443713322019_4522"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4524"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4526">       description: Ethernet interface</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4528"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4530"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4532">       product: MT27500 Family [ConnectX-3]</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4534"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4536"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4538">       vendor: Mellanox Technologies</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4540"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4542"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4544">       physical id: 0</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4546"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4548"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4550">       bus info: pci@0000:03:00.0</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4552"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4554"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4556">       logical name: eth2</i></font></div><div class="yiv0401950983" 
style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4558"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4560"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4562">       version: 00</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4564"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4566"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4568">       serial: 00:02:c9:23:12:00</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4570"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4572"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4574">       width: 64 bits</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4576"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4578"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4580">       clock: 33MHz</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4582"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4584"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4586">       capabilities: pm vpd msix pciexpress bus_master cap_list rom ethernet physical fibre</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4588"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4590"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4592">       configuration: 
autonegotiation=off broadcast=yes driver=mlx4_en driverversion=2.2-1 (Feb 2014) duplex=full firmware=2.11.500 latency=0 link=yes multicast=yes port=fibre</i></font></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4594"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4596"><i class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4598">       resources: irq:24 memory:dff00000-dfffffff memory:dd800000-ddffffff memory:dfe00000-dfefffff</i></font></div></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4600"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4602"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4604"></font></div><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4606"><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4608"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4610"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4612"></font></div><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4614"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4616">Basically eth2(FC port) is not able to capture HTTP packets. It can capture all types of packets except for http and the http log is empty. 
</font></div><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4618"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4620"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4622"></font></div><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4624"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4626">I was also facing the same issue on eth0(1G Copper port). After disabling offloading on eth0, it started capturing HTTP packets. However, disabling offloading on eth2 does not help. </font></div><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4628"><font face="Times" class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4630"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4632"></font></div><div class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4634"><font face="Times" class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4636"><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4638"><span class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4640">Suricata Version :</span></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4642"><span class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4644">This is Suricata version 2.0.8 RELEASE</span></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4646"><span class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4648"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4650"></span></div><div class="yiv0401950983" style="margin:0px;" 
id="yiv0401950983yui_3_16_0_1_1443713322019_4652"><span class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4654">Please find suricata.yaml attached.</span></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4656"><span class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4658"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4660"></span></div><div class="yiv0401950983" style="margin:0px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4662"><span class="yiv0401950983" style="font-size:14px;" id="yiv0401950983yui_3_16_0_1_1443713322019_4664">Thanks, Khushal</span></div><div class="yiv0401950983" style="margin:0px;font-size:11px;font-family:Menlo;" id="yiv0401950983yui_3_16_0_1_1443713322019_4666"><br class="yiv0401950983" id="yiv0401950983yui_3_16_0_1_1443713322019_4668"></div><div class="yiv0401950983" style="margin:0px;font-size:11px;font-family:Menlo;" id="yiv0401950983yui_3_16_0_1_1443713322019_4670"></div></font></div></div></div><div class="yiv0401950983" title="suricata.yaml" style="font-family:Helvetica;font-size:12px;" dir="ltr" title-off=""></div></div></div></div><br><br></div> </div> </div>  </div></body></html>