[Oisf-users] How to discover Dropped packets
Andreas Herz
andi at geekosphere.org
Thu Oct 27 22:02:28 UTC 2016
On 27/10/16 at 23:57, Filippo Carletti wrote:
> > So what you could start with is to check if you run into the same part
> > as I did. I added output to make sure that's the section of the code
> > where my dropped packets ran into.
>
> To be sure I've understood: I'll need to rebuild Suricata with
> –enable-debug and run with SC_LOG_LEVEL=Debug
> SC_LOG_OP_FILTER=”stream” suricata...
> Or no filter at all?
>
Would be one possibility but depending on where your packets are dropped
you might want to add your own SCLog Output.
> > It would be also helpful if you can reproduce the issue with a dedicated
> > traffic so we could look into that. I also assume that it's no
> > load/performance issue?
>
> I'll try to find a traffic pattern.
> I'd rule out performance issues, my ADSL link is a 7/1mbit. :-(
I would exclude that, yes :)
> Do you think that mid stream pickup not making a difference means that
> all traffic goes to Suricata (i.e. no iptables problem with nfqueue
> rules)?
Well can you share the relevant parts of your iptables rules?
Just to make sure it's nothing about that.
--
Andreas Herz
More information about the Oisf-users
mailing list