<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Arial",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:70.85pt 85.05pt 70.85pt 85.05pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head><body lang="EN-US" link="blue" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">What I found was the version of libpcap is too old. I need to upgrade that to at least 1.5 and then rebuild Suricata. Of course, to upgrade libpcap I need to upgrade gliobc2. Which likely
has other dependencies…SO, I’m going to Red Hat 7 in hopes the libraries are newer.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:12.0pt;font-family:"Times New Roman",serif">Charles DeVoe Jr.</span></b><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">Manager of Engineering<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">Multi-State Information Sharing and Analysis Center (MS-ISAC) <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">31 Tech Valley Drive<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">East Greenbush, NY 12061<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><a href="mailto:charles.devoe@cisecurity.org">charles.devoe@cisecurity.org</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">(518) 266-3494<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">7x24 Security Operations Center<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><a href="mailto:SOC@cisecurity.org"><span style="color:#0563C1">SOC@cisecurity.org</span></a> - 1-866-787-4722<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><img border="0" width="237" height="55" style="width:2.4687in;height:.5729in" id="Picture_x0020_1" src="cid:image001.png@01D35867.5274ABD0" alt="cid:image001.png@01D2F965.2E3564F0"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">
</span><a href="https://www.facebook.com/CenterforIntSec"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:windowtext;text-decoration:none"><img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="Picture_x0020_2" src="cid:image002.png@01D35867.5274ABD0" alt="id:image002.png@01D2926D.D9CF2E90"></span></a><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span><a href="https://twitter.com/CISecurity"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:windowtext;text-decoration:none"><img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="Picture_x0020_3" src="cid:image003.png@01D35867.5274ABD0" alt="id:image003.png@01D2926D.D9CF2E90"></span></a><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span><a href="https://www.youtube.com/user/TheCISecurity"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:windowtext;text-decoration:none"><img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="Picture_x0020_4" src="cid:image004.png@01D35867.5274ABD0" alt="id:image004.png@01D2926D.D9CF2E90"></span></a><span style="font-size:12.0pt;font-family:"Times New Roman",serif"> </span><a href="https://www.linkedin.com/company/the-center-for-internet-security"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:windowtext;text-decoration:none"><img border="0" width="32" height="33" style="width:.3333in;height:.3437in" id="Picture_x0020_5" src="cid:image005.png@01D35867.5274ABD0" alt="id:image005.png@01D2926D.D9CF2E90"></span></a><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Duarte Silva [mailto:duarte.silva@serializing.me]
<br>
<b>Sent:</b> Wednesday, November 08, 2017 1:58 AM<br>
<b>To:</b> Charles Devoe <Charles.Devoe@cisecurity.org>; oisf-users@lists.openinfosecfoundation.org<br>
<b>Subject:</b> RE: [Oisf-users] tpacket V3<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="PT" style="font-size:12.0pt;font-family:"Times New Roman",serif"><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT">Hi Charles,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT">Can you check [1]? May help you debug he ssue and find the root cause.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT">Cheers,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT">Duarte<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT">[1] <a href="https://redmine.openinfosecfoundation.org/issues/1994">
https://redmine.openinfosecfoundation.org/issues/1994</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT"> <o:p></o:p></span></p>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span lang="PT">De: </span></b><span lang="PT"><a href="mailto:Charles.Devoe@cisecurity.org">Charles Devoe</a><br>
<b>Enviado: </b>7 de novembro de 2017 15:40<br>
<b>Para: </b><a href="mailto:oisf-users@lists.openinfosecfoundation.org">oisf-users@lists.openinfosecfoundation.org</a><br>
<b>Assunto: </b>[Oisf-users] tpacket V3<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="PT"> <o:p></o:p></span></p>
<p class="MsoNormal">I have suricata 4.0.1 running on Oracle Linux 6.9 (Red Hat Variant) Kernel is 4.1.12-103.9.2.el6uek.x86_64<span lang="PT"><o:p></o:p></span></p>
<p class="MsoNormal"><br>
When trying to run Suricata I get the following error<span lang="PT"><o:p></o:p></span></p>
<p class="MsoNormal"> <span lang="PT"><o:p></o:p></span></p>
<p class="MsoNormal">System too old for tpacket v3 switching to v2<span lang="PT"><o:p></o:p></span></p>
<p class="MsoNormal"><br>
<br>
What do I need to get this capability?<br>
<br>
I will be off in Google land looking for the fix, However, if someone could help me out it would be greatly appreciated.<span lang="PT"><o:p></o:p></span></p>
<p class="MsoNormal"> <span lang="PT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><span lang="PT"><o:p></o:p></span></p>
<p class="MsoNormal">This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited.
Please notify the sender immediately and permanently delete the message and any attachments.
<br>
<br>
. . . . .<span lang="PT"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT" style="font-size:12.0pt"> </span><span lang="PT"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="PT" style="font-size:12.0pt;font-family:"Times New Roman",serif"><br>
..... <o:p></o:p></span></p>
</div>
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender
immediately and permanently delete the message and any attachments.
<br /><br />. . . . .</body></html>