[Oisf-users] Percentage of dropped packets
Peter Bates
peter.bates at ucl.ac.uk
Tue May 29 15:44:15 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello all
On 29/05/2012 16:15, Victor Julien wrote:
>> tcp.invalid_checksum | AFPacketeth61 | 42560
>
> Invalid checksums can be caused by checksum offloading on your
> nic.
# ethtool -k eth6
Offload parameters for eth6:
rx-checksumming: off
tx-checksumming: off
Is there something else I need to do - or is there some way the
ethtool settings work with the settings in the suricata configuration?
>> tcp.stream_depth_reached | AFPacketeth61 | 1
>> tcp.reassembly_memuse | AFPacketeth61 | 15422350
>> tcp.reassembly_gap | AFPacketeth61 | 4894
>
> This is an indicator for packet loss. It indicates missing packets
> in TCP streams. It is possible that it's caused by the invalid
> checksums above as well though.
Running the script Chris provided (a wrapper round ethtool -S):
2012-05-29 16:40:26 - Pkts: 262913600, Lost: 0, 0/10 %, Pkts/s:
317592, Mb/s: 1875, Lost/s: 0, FSize 773
2012-05-29 16:40:36 - Pkts: 266014130, Lost: 0, 0/10 %, Pkts/s:
310053, Mb/s: -1469, Lost/s: 0, FSize -621
2012-05-29 16:40:46 - Pkts: 269054018, Lost: 0, 0/10 %, Pkts/s:
303988, Mb/s: 1780, Lost/s: 0, FSize 767
I don't entirely understand the negative values I'm getting here.
And using his wrapper around the Suricata stats.log:
Date: 1/13/2012 -- 15:10:51 (uptime: 0d, 00h 01m 16s) : 7 secs, 37533
pkts/s, 163 Mb/s, 2534 gaps, 21 gaps/s 262732
Date: 1/13/2012 -- 15:10:57 (uptime: 0d, 00h 01m 22s) : 6 secs, 45241
pkts/s, 215 Mb/s, 2735 gaps, 33 gaps/s 271449
- --
Peter Bates
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPxO7PAAoJELhVoVpEMS6RlFkH/1Fp2jmtAEB98XdOIJk0SC+c
sxPJjBEYB+f4jHjx/VklxoUVmhpEtgFWD0qBvvoUNAcFBLC9wJpktApMjeEYq4Ex
eD/+w+H8em/lCb85JYppP0FSJxScEZziwJLW7OPrVTfeRadoUrcfaNj1Z9oluuEo
eqGV7JZNhRszQPDr4MQBhNMTqzNnfzHI6N/N55aMoQvYSgwzIyc9AmoprV5I6OcV
+eNm5B42JjssCAuyT9dSDmpNvma2ZlS1EBcT/o7mEuIEGjKRGQyBQTvUV7AFGT3m
iOi72t+5E9qxb8v5l0fVqhewyFjKv1OFLu4WBfGJk0/5R2qMKYNtsQlAGEh3WqQ=
=gBn3
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list