[Oisf-users] What does it means??

C. L. Martinez carlopmart at gmail.com
Wed Oct 9 14:09:33 UTC 2013


On Wed, Oct 9, 2013 at 2:05 PM, Peter Manev <petermanev at gmail.com> wrote:
>>>>>>
>>>>>>> Do you have TCP checksums enabled in yaml?
>>>>>>
>>>>>> Nope, as you suggested some time ago :).
>>>>>
>>>>> aha :)
>>>>> So (if I remember correctly) - some time ago we managed to fix this
>>>>> issue with the drops. So what happened in between :) ?
>>>>>
>>>>
>>>> This is a different host monitoring a different network, and with
>>>> different problems :)) ... The previous installation goes well after some
>>>> tuning in the SPAN port configuration .... But I use this previous
>>>> suricata.yaml config as the base for this installation ...
>>>
>>> And does this installation need some tuning in the SPAN port
>>> configuration as well? Or are you past that stage?
>>>
>>
>> No, it doesn't. In this installation I use an OpenBSD host to redirect
>> all traffic to this suricata sensor ..
>
> Ok,
> Have you checked the OpenBSD host port/NIC that redirects (mirrors?) the
> traffic for potential problems/drops and such?
>

Yes, and it doesn't drop packets. For example, for UDP:

udp:
    6533535 datagrams received
    0 with incomplete header
    0 with bad data length field
    0 with bad checksum
    29 with no checksum
    13 dropped due to no socket
    0 broadcast/multicast datagrams undelivered
    0 dropped due to full socket buffers
    0 not for hashed pcb
    6533522 delivered
    157 datagrams output
    0 times multicast source filter matched


