[Oisf-users] What does this message means?

Eric Leblond eric at regit.org
Tue May 14 08:47:37 UTC 2013


Hello,

Le mardi 14 mai 2013 à 08:41 +0000, C. L. Martinez a écrit :
> Hi all,
> 
>  I have installed suricata 2.0dev release from git under a FreeBSD 9.1
> host. When suricata starts, shows me the following message:
> 
> 08:27:47 - (source-pcap.c:385) <Info> (ReceivePcapThreadInit) --
> Running in 'auto' checksum mode. Detection of interface state will
> require 1000 packets.
> 
>  What does it means? Do I need to modify "max-pending-packets" option??

Pcap does not provide a way to detect if checksum offloading is used by
the network card. The 'auto' mode tries to discover if this is the case
by analyzing the 1000 first packets and assuming there is offloading if
it sees a big rate of invalid checksums.

You can use the checksum check option in the YAML to tell suricata how
checksum check must be handled on an interface. For example:

pcap:
 - interface: enx0
	checksum-checks: yes

BR,

> 
> Thanks.
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130514/d980ee2c/attachment.sig>


More information about the Oisf-users mailing list