[Oisf-users] What does it means??

C. L. Martinez carlopmart at gmail.com
Wed Oct 9 13:46:01 UTC 2013


On Wed, Oct 9, 2013 at 1:42 PM, Peter Manev <petermanev at gmail.com> wrote:
>>>
>>> "I am monitoring a 1 GiB network, and as you can see in my previous post
>>> host is a dual core, 10 GiB ram and 5 e1000 nics ..."
>>>
>>> That misled me to the five nics :)
>>
>>
>> Yes, host has 5 nics, but I am sniffing in only one ...
>>
>>>
>>>>
>>>> Command line is:
>>>>
>>>> /usr/local/bin/suricata -i em4 -c /data/config/etc/idpsuricata/suricata.yaml -D
>>>
>>> Do you have offloading enabled on the nic?
>>
>> Nope, offloading is disabled:
>>
>> em4: flags=48943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,MONITOR> metric 0 mtu 1514
>>     options=20d8<VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,WOL_MAGIC>
>>     ether 52:54:00:44:f9:ee
>>     inet6 fe80::5054:ff:fe44:f9ee%em4 prefixlen 64 scopeid 0x5
>>     nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>     media: Ethernet autoselect (1000baseT <full-duplex>)
>>     status: active
>>
>>
>>> Do you have TCP checksums enabled in yaml?
>>
>> Nope, as you suggested some time ago :).
>
> aha :)
> So (if I remember correctly) - some time ago we managed to fix this
> issue with the drops. So what happened in between :) ?
>

This is a different host monitoring different network, and with
different problems :)) ... Previous installation goes well after some
tuning in SPAN port configuration .... But I use this previous
suricata.yaml config as base for this installation ...


