[Oisf-users] What does it means??
Peter Manev
petermanev at gmail.com
Wed Oct 9 13:21:52 UTC 2013
On Wed, Oct 9, 2013 at 3:14 PM, C. L. Martinez <carlopmart at gmail.com> wrote:
> On Wed, Oct 9, 2013 at 1:10 PM, Peter Manev <petermanev at gmail.com> wrote:
>>>> --
>>>
>>> More or less, same numbers using autofp runmode:
>>>
>>> -------------------------------------------------------------------
>>> Date: 10/9/2013 -- 13:05:07 (uptime: 0d, 00h 03m 18s)
>>> -------------------------------------------------------------------
>>> Counter | TM Name | Value
>>> -------------------------------------------------------------------
>>> capture.kernel_packets | RxPcapem41 | 2283902
>>> capture.kernel_drops | RxPcapem41 | 1717154
>>> capture.kernel_ifdrops | RxPcapem41 | 0
>>> _______________________________________________
>>
>> What is your start line?
>> Have you tried with just one interface and then gradually add all 5?
>>
>
> I am sniffing only in one interface, not in 5 ...
"I am monitoring a 1 GiB network, and as you can see in my previous post
host is a dual core, 10 GiB ram and 5 e1000 nics ..."
That misled me to the five nics :)
>
> Command line is:
>
> /usr/local/bin/suricata -i em4 -c /data/config/etc/idpsuricata/suricata.yaml -D
Do you have offloading enabled on the nic?
Do you have TCP checksums enabled in yaml?
thanks
--
Regards,
Peter Manev