[Oisf-users] What does it means??
C. L. Martinez
carlopmart at gmail.com
Wed Oct 9 14:09:33 UTC 2013
On Wed, Oct 9, 2013 at 2:05 PM, Peter Manev <petermanev at gmail.com> wrote:
>>>>>>
>>>>>>> Do you have TCP checksums enabled in yaml?
>>>>>>
>>>>>> Nop, as you suggested some time ago :).
>>>>>
>>>>> aha :)
>>>>> So (if I remember correctly) - some time ago we managed to fix this
>>>>> issue with the drops. So what happened in between :) ?
>>>>>
>>>>
>>>> This is a different host monitoring different network, and with
>>>> different problems :)) ... Previous installation goes well after some
>>>> tunning in SPAN port configuration .... But I use this previous
>>>> suricata.yaml config as base for this installation ...
>>>
>>> And does this installation need some tuning in SPAN port
>>> configuration a well ? or you are past that stage?
>>>
>>
>> No, it doesn't. In this installation I use an OpenBSD host to redirect
>> all traffic to this suricata sensor ..
>
> Ok,
> Have you checked the OpenBSD host port/nic that redirect(mirrors?) the
> traffic for potential problems/drops and such?
>
Yes, and It doesn't drops packets. For example, for udp:
udp:
6533535 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
29 with no checksum
13 dropped due to no socket
0 broadcast/multicast datagrams undelivered
0 dropped due to full socket buffers
0 not for hashed pcb
6533522 delivered
157 datagrams output
0 times multicast source filter matched
More information about the Oisf-users
mailing list