<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">How busy is your network? Try
increasing your stream and http memcap setting to a gigabyte or
more. <br>
<br>
-Coop<br>
<br>
On 7/24/2017 11:25 AM, Jeremy A. Grove wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1016558240.9556972.1500920723243.JavaMail.zimbra@quadrantsec.com">
<meta http-equiv="Context-Type" content="text/html; charset=utf-8">
<div>
<div>I am using AF-packet with the below options.</div>
<div><br data-mce-bogus="1">
</div>
<div>
<div> - interface: eth0</div>
<div> threads: auto</div>
<div> cluster-id: 99</div>
</div>
<div>
<div> cluster-type: cluster_flow</div>
<div> defrag: yes</div>
</div>
<div> checksum-checks: kernel<br data-mce-bogus="1">
</div>
<div>
<div>
<div>- interface: eth1</div>
<div> threads: auto</div>
<div> cluster-id: 98</div>
<div> cluster-type: cluster_flow</div>
<div> defrag: yes</div>
<div> - interface: eth2</div>
<div> threads: auto</div>
<div> cluster-id: 97</div>
<div> cluster-type: cluster_flow</div>
<div> defrag: yes</div>
<div> - interface: eth3</div>
<div> threads: auto</div>
<div> cluster-id: 96</div>
<div> cluster-type: cluster_flow</div>
<div> defrag: yes</div>
</div>
</div>
<div><br>
</div>
<div data-marker="__SIG_PRE__">
<div><span data-mce-style="font-family: 'Segoe UI', 'Lucida
Sans', sans-serif; font-size: 14.16px;">Jeremy Grove, SSCP</span><br
data-mce-style="font-family: 'Segoe UI', 'Lucida Sans',
sans-serif; font-size: 14.16px;">
<span data-mce-style="font-family: 'Segoe UI', 'Lucida
Sans', sans-serif; font-size: 14.16px;">Senior Information
Security Analyst</span><br data-mce-style="font-family:
'Segoe UI', 'Lucida Sans', sans-serif; font-size:
14.16px;">
<span data-mce-style="font-family: 'Segoe UI', 'Lucida
Sans', sans-serif; font-size: 14.16px;">Quadrant
Information Security</span><br
data-mce-style="font-family: 'Segoe UI', 'Lucida Sans',
sans-serif; font-size: 14.16px;">
<span data-mce-style="font-family: 'Segoe UI', 'Lucida
Sans', sans-serif; font-size: 14.16px;">o: </span><span
class="Object" id="OBJ_PREFIX_DWT146_com_zimbra_phone"
data-mce-style="color: #005a95; cursor: pointer;
font-family: 'Segoe UI', 'Lucida Sans', sans-serif;
font-size: 14.16px;"><a href="callto:%28904%29296-9100"
target="_blank" data-mce-style="color: #005a95;
text-decoration: none; cursor: pointer;"
moz-do-not-send="true">(904)296-9100</a></span><span
data-mce-style="font-family: 'Segoe UI', 'Lucida Sans',
sans-serif; font-size: 14.16px;"> x100</span><br
data-mce-style="font-family: 'Segoe UI', 'Lucida Sans',
sans-serif; font-size: 14.16px;">
<span data-mce-style="font-family: 'Segoe UI', 'Lucida
Sans', sans-serif; font-size: 14.16px;">t: </span><span
class="Object" id="OBJ_PREFIX_DWT147_com_zimbra_phone"
data-mce-style="color: #005a95; cursor: pointer;
font-family: 'Segoe UI', 'Lucida Sans', sans-serif;
font-size: 14.16px;"><a href="callto:%28800%29%20538-9357"
target="_blank" data-mce-style="color: #005a95;
text-decoration: none; cursor: pointer;"
moz-do-not-send="true">(800) 538-9357</a></span><span
data-mce-style="font-family: 'Segoe UI', 'Lucida Sans',
sans-serif; font-size: 14.16px;"> x100</span><br
data-mce-style="font-family: 'Segoe UI', 'Lucida Sans',
sans-serif; font-size: 14.16px;">
<span data-mce-style="font-family: 'Segoe UI', 'Lucida
Sans', sans-serif; font-size: 14.16px;">e:</span><span
data-mce-style="font-family: 'Segoe UI', 'Lucida Sans',
sans-serif; font-size: 14.16px;"> </span><span
class="Object" id="OBJ_PREFIX_DWT148_ZmEmailObjectHandler"
data-mce-style="color: #005a95; cursor: pointer;
font-family: 'Segoe UI', 'Lucida Sans', sans-serif;
font-size: 14.16px;"><a class="moz-txt-link-abbreviated"
href="mailto:soc@quadrantsec.com" target="_blank"
data-mce-style="color: #005a95; text-decoration: none;
cursor: pointer;" moz-do-not-send="true">soc@quadrantsec.com</a></span><br
data-mce-style="font-family: 'Segoe UI', 'Lucida Sans',
sans-serif; font-size: 14.16px;">
<br data-mce-style="font-family: 'Segoe UI', 'Lucida Sans',
sans-serif; font-size: 14.16px;">
<span data-mce-style="font-family: 'Segoe UI', 'Lucida
Sans', sans-serif; font-size: 14.16px;">Learn more= about
our managed SIEM <span class="Object"
id="OBJ_PREFIX_DWT149_com_zimbra_url"
data-mce-style="color: #005a95; cursor: pointer;"><a
href="https://a.quadrantsec.com/3D%22https://quadrantsec.com/SaganMSSP%22"
target="_blank" data-mce-style="color: #005a95;
text-decoration: none; cursor: pointer;"
moz-do-not-send="true">people + product</a></span></span><br>
<br>
<br>
</div>
</div>
<br>
<hr id="zwchr" data-marker="__DIVIDER__">
<div data-marker="__HEADERS__"><b>From: </b>"Cooper F. Nelson"
<a class="moz-txt-link-rfc2396E" href="mailto:cnelson@ucsd.edu"><cnelson@ucsd.edu></a><br>
<b>To: </b>"Jeremy A. Grove" <a class="moz-txt-link-rfc2396E" href="mailto:jgrove@quadrantsec.com"><jgrove@quadrantsec.com></a>,
"oisf-users"
<a class="moz-txt-link-rfc2396E" href="mailto:oisf-users@lists.openinfosecfoundation.org"><oisf-users@lists.openinfosecfoundation.org></a><br>
<b>Sent: </b>Monday, July 24, 2017 2:07:48 PM<br>
<b>Subject: </b>Re: [Oisf-users] Fwd: File Extraction issues<br>
</div>
<br>
<div data-marker="__QUOTED_TEXT__">
<div class="moz-cite-prefix">Are you using the AF_PACKET RSS
mode?<br>
<br>
-Coop<br>
<br>
On 7/24/2017 11:11 AM, Jeremy A. Grove wrote:<br>
</div>
<blockquote
cite="mid:1570946096.9555664.1500919904289.JavaMail.zimbra@quadrantsec.com">
<div>Any advice on this?</div>
<br>
<div>Regards,</div>
<br>
<div>
<div><span>Jeremy Grove, SSCP</span><br>
<span>Senior Information Security Analyst</span><br>
<span>Quadrant Information Security</span><br>
<span>o: </span><span class="Object"
id="OBJ_PREFIX_DWT146_com_zimbra_phone"><a
href="callto:%28904%29296-9100" target="_blank"
moz-do-not-send="true">(904)296-9100</a></span><span> x100</span><br>
<span>t: </span><span class="Object"
id="OBJ_PREFIX_DWT147_com_zimbra_phone"><a
href="callto:%28800%29%20538-9357" target="_blank"
moz-do-not-send="true">(800) 538-9357</a></span><span> x100</span><br>
<span>e:</span><span> </span><span class="Object"
id="OBJ_PREFIX_DWT148_ZmEmailObjectHandler"><a
class="moz-txt-link-abbreviated"
href="mailto:soc@quadrantsec.com" target="_blank"
moz-do-not-send="true">soc@quadrantsec.com</a></span><br>
<br>
<span>Learn more= about our managed SIEM <span
class="Object" id="OBJ_PREFIX_DWT149_com_zimbra_url"><a
href="https://a.quadrantsec.com/3D%22https://quadrantsec.com/SaganMSSP%22"
target="_blank" moz-do-not-send="true">people +
product</a></span></span></div>
</div>
</blockquote>
<p><br>
</p>
<pre class="moz-signature">--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
<a class="moz-txt-link-abbreviated" href="mailto:cnelson@ucsd.edu" target="_blank" moz-do-not-send="true">cnelson@ucsd.edu</a> x41042</pre>
<br>
</div>
</div>
</blockquote>
<p><br>
</p>
<pre class="moz-signature" cols="72">--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
<a class="moz-txt-link-abbreviated" href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a> x41042</pre>
</body>
</html>