[Oisf-users] file truncated

Miso Mijatovic mmijatovic at sorint.it
Tue Apr 21 08:21:28 UTC 2015 

Hi,

> Miso, as a sanity check could you run 'ethtool -k' on your monitor
> interface and copy the results here?
I confirm i disabled the NIC offloading on eth0 and eth1 and if i run 'ethtool -k' have the same result for the two interfaces:

Features for eth1:
rx-checksumming: off
tx-checksumming: off
	tx-checksum-ipv4: off
	tx-checksum-unneeded: off [fixed]
	tx-checksum-ip-generic: off [fixed]
	tx-checksum-ipv6: off
	tx-checksum-fcoe-crc: off [fixed]
	tx-checksum-sctp: off [fixed]
scatter-gather: off
	tx-scatter-gather: off
	tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
	tx-tcp-segmentation: off
	tx-tcp-ecn-segmentation: off
	tx-tcp6-segmentation: off
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off [fixed]
rx-vlan-offload: off
tx-vlan-offload: off
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: on
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: on
loopback: off [fixed]

> Are there a lot of drops/gaps in the stats.log?
I don't have kernel drops but i noticed i have some tcp gaps. I'm attaching some graphs.

> What is your set up - is it entirely virtual(including the mirror technique)?
My set up is entirely physical.


----- Messaggio originale -----
Da: "Cooper F. Nelson" <cnelson at ucsd.edu>
A: "Peter Manev" <petermanev at gmail.com>
Cc: "Miso Mijatovic" <mmijatovic at sorint.it>, oisf-users at lists.openinfosecfoundation.org
Inviato: Lunedì, 20 aprile 2015 19:19:13
Oggetto: Re: [Oisf-users] file truncated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I had the exact same problem Miso did because I missed an off-load setting.

Miso, as a sanity check could you run 'ethtool -k' on your monitor
interface and copy the results here?

- -Coop

On 4/20/2015 10:15 AM, Peter Manev wrote:
> NIC offloading is already included in the wiki link that Miso
> mentioned he followed -
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File_Extraction
> (plus all offloading should be disabled by default in selks  - only
> for eth0 though)


- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJVNTUQAAoJEKIFRYQsa8FWmyMIAI2oPFTZaxY3oBqGHcIwfkIb
xxZTEF3tp73OaY0tV3Mz6nKqK28CduZThkDT4fCtPHI2i1pxOOwJQqZmRCg+a5Pw
RSPa9pqA9p492Y94a7sAyq6B9LDZ8KDFNNvKOpXmIIDec+27Kj5OgOlLNGg7bjMn
Zzj44vta4sPONprkpUvEHUYbSSrH/wE70NlI1hmoKObu4RfJMUIJtIrOgInNIxue
L/pd+VWsBubrzFJ4iSUoGVbs5XTmhVbDShGUfQnvsTy6fZqI4KEe4uB/e6eyVC6f
onMY0RGejIp6nE9w9QRCxz0nKzCQM0021pQnIXxTMwM9p0ZM7/bmZC3JGVVD4IQ=
=2jWR
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: figure_6.png
Type: image/png
Size: 45238 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150421/c02b7c1d/attachment-0012.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: figure_5.png
Type: image/png
Size: 24892 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150421/c02b7c1d/attachment-0013.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: figure_4.png
Type: image/png
Size: 38987 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150421/c02b7c1d/attachment-0014.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: figure_3.png
Type: image/png
Size: 27528 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150421/c02b7c1d/attachment-0015.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: figure_2.png
Type: image/png
Size: 47921 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150421/c02b7c1d/attachment-0016.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: figure_1.png
Type: image/png
Size: 39322 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150421/c02b7c1d/attachment-0017.png>

More information about the Oisf-users mailing list