[Oisf-users] What does it means??
Peter Manev
petermanev at gmail.com
Wed Oct 9 13:42:36 UTC 2013
>>
>> "I am monitoring a 1 GiB network, an as you can see in my previous post
>> host is a dual core, 10 GiB ram and 5 e1000 nics ..."
>>
>> That mislead me to the five nics :)
>
>
> Yes, host has 5 nics, but I am sniffing in only one ...
>
>>
>>>
>>> Command line is:
>>>
>>> /usr/local/bin/suricata -i em4 -c /data/config/etc/idpsuricata/suricata.yaml -D
>>
>> Do you have offloading enabled on the nic?
>
> Nop, offloading is disbled:
>
> em4: flags=48943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,MONITOR>
> metric 0 mtu 1514
> options=20d8<VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,WOL_MAGIC>
> ether 52:54:00:44:f9:ee
> inet6 fe80::5054:ff:fe44:f9ee%em4 prefixlen 64 scopeid 0x5
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> media: Ethernet autoselect (1000baseT <full-duplex>)
> status: active
>
>
>> Do you have TCP checksums enabled in yaml?
>
> Nop, as you suggested some time ago :).
aha :)
So (if I remember correctly) - some time ago we managed to fix this
issue with the drops. So what happened in between :) ?
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list