Hi there,
I'm currently building a bandwidth monitor application using the PF_RING-ified libpcap. When opening the interface, it does register the presence of the kernel extension, but I see no traffic through the interface. The only way I can get traffic into my application so far is through the regular libpcap, which works, but the system load shows that the approach won't scale too far: I've configured our Cisco 2950 to mirror external traffic to a dedicated interface on this particular host for bandwidth monitoring purposes.
I'm keen to use the PF_RING extension because we were (once!) running a Linux vrrpd which worked through regular pcap, and under a denial-of-service attack (which happens once every 1-2 months), the load from the vrrpd process brought the system to its knees.
So any ideas what I'm doing wrong to not see any traffic from my PF_RING pcap-based application? I'm just capturing like this:
capture->pcap = pcap_open_live("eth1", 64, 1, 100, errbuf);
...
pcap_loop(capture->pcap, -1, callback, (u_char*) capture)Fine with the Debian/unstable libpcap, not fine with PF_RING. Any ideas?
cheers,
-- Matthew Bloch
_______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
